CVE-2023-0773
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.
Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Uniview | Uniview IP Camera IPC322LB-SF28-A | CIPC-B2303.X.X.XXXXXX <= CIPC-B2303.2.8.230105 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1213.X.X.XXXXXX <= DIPC-B1213.6.5.230215 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1216.X.X.XXXXXX <= DIPC-B1216.5.7.230109 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1221.X.X.XXXXXX <= DIPC-B1221.3.5.221202 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1222.X.X.XXXXXX <= DIPC-B1222.3.8.230223 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1225.X.X.XXXXXX <= DIPC-B1225.3.3.221123 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1226.X.X.XXXXXX <= DIPC-B1226.3.6.230105 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1219.X.X.XXXXXX <= DIPC-B1219.2.67.221019 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1223.X.X.XXXXXX <= DIPC-B1223.3.3.221123 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1228.X.X.XXXXXX <= DIPC-B1228.2.65.230207 | affected |
| Uniview | Uniview IP Camera IPC322LB-SF28-A | DIPC-B1229.X.X.XXXXXX <= DIPC-B1229.1.67.230104 | affected |
Weaknesses
- CWE-287: CWE-287 Improper Authentication
ADP Enrichment
CVE Program Container
Additional References
- https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270
- https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0270
- https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.