CVE-2023-30467

EUVD-2023-34882

28.04.2023, 11:15

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.

Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CERT-In	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Affected Products (NVD)

Vendor	Product	Version
milesight	ms-n5008-uc_firmware	𝑥 < 73.9.0.18-r2
milesight	ms-n1008-unc_firmware	𝑥 < 73.9.0.18-r2
milesight	ms-n1008-uc_firmware	𝑥 < 73.9.0.18-r2
milesight	ms-n1004-uc_firmware	𝑥 < 73.9.0.18-r2
milesight	ms-n5016-e_firmware	𝑥 < 75.9.0.18-r2
milesight	ms-n5008-e_firmware	𝑥 < 75.9.0.18-r2
milesight	ms-n7016-uh_firmware	𝑥 < 71.9.0.18-r2
milesight	ms-n7032-uh_firmware	𝑥 < 71.9.0.18-r2
milesight	ms-n8064-uh_firmware	𝑥 < 71.9.0.18-r2
milesight	ms-n8032-uh_firmware	𝑥 < 71.9.0.18-r2
milesight	ms-n1004-upc_firmware	𝑥 < 73.9.0.18-r2
milesight	ms-n1008-upc_firmware	𝑥 < 73.9.0.18-r2
milesight	ms-n1008-unpc_firmware	𝑥 < 73.9.0.18-r2
milesight	ms-n5008-upc_firmware	𝑥 < 73.9.0.18-r2
milesight	ms-n5016-pe_firmware	𝑥 < 75.9.0.18-r2
milesight	ms-n5008-pe_firmware	𝑥 < 75.9.0.18-r2
milesight	ms-n7016-uph_firmware	𝑥 < 71.9.0.18-r2
milesight	ms-n7032-uph_firmware	𝑥 < 71.9.0.18-r2
milesight	ms-n7048-uph_firmware	𝑥 < 71.9.0.18-r2
milesight	ms-nxxxx-xxg_firmware	𝑥 < 77.9.0.18-r2
milesight	ms-nxxxx-xxt_firmware	𝑥 < 72.9.0.18-r2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121