CVE-2023-30466

EUVD-2023-34881
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.

Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CERT-InCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
milesightms-n5008-uc_firmware
𝑥
< 73.9.0.18-r2
milesightms-n1008-unc_firmware
𝑥
< 73.9.0.18-r2
milesightms-n1008-uc_firmware
𝑥
< 73.9.0.18-r2
milesightms-n1004-uc_firmware
𝑥
< 73.9.0.18-r2
milesightms-n5016-e_firmware
𝑥
< 75.9.0.18-r2
milesightms-n5008-e_firmware
𝑥
< 75.9.0.18-r2
milesightms-n7016-uh_firmware
𝑥
< 71.9.0.18-r2
milesightms-n7032-uh_firmware
𝑥
< 71.9.0.18-r2
milesightms-n8064-uh_firmware
𝑥
< 71.9.0.18-r2
milesightms-n8032-uh_firmware
𝑥
< 71.9.0.18-r2
milesightms-n1004-upc_firmware
𝑥
< 73.9.0.18-r2
milesightms-n1008-upc_firmware
𝑥
< 73.9.0.18-r2
milesightms-n1008-unpc_firmware
𝑥
< 73.9.0.18-r2
milesightms-n5008-upc_firmware
𝑥
< 73.9.0.18-r2
milesightms-n5016-pe_firmware
𝑥
< 75.9.0.18-r2
milesightms-n5008-pe_firmware
𝑥
< 75.9.0.18-r2
milesightms-n7016-uph_firmware
𝑥
< 71.9.0.18-r2
milesightms-n7032-uph_firmware
𝑥
< 71.9.0.18-r2
milesightms-n7048-uph_firmware
𝑥
< 71.9.0.18-r2
milesightms-nxxxx-xxg_firmware
𝑥
< 77.9.0.18-r2
milesightms-nxxxx-xxt_firmware
𝑥
< 72.9.0.18-r2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121