PT-2022-4366 · Unknown · Unimo Digital Video Recorders
Masaki Kubo
+2
·
Published
2022-08-22
·
Updated
2025-09-16
·
CVE-2022-35733
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
UNIMO digital video recorders versions v1.0.20.13 and earlier
UNIMO digital video recorders versions v2.0.20.13 and earlier
Description
The issue is related to the absence of authentication for a critical function in the firmware of UNIMO digital video recorders. This allows a remote attacker to execute arbitrary OS commands by sending a specially crafted request to the affected device's web interface.
Recommendations
For versions v1.0.20.13 and earlier, update to a version that includes authentication for critical functions.
For versions v2.0.20.13 and earlier, update to a version that includes authentication for critical functions.
As a temporary workaround, consider restricting access to the web interface of the affected devices until a patch is available.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unimo Digital Video Recorders