PT-2023-22707 · Milesight · Milesight 4K/H.265 Series Nvr
Arko Dhar
+1
·
Published
2023-04-28
·
Updated
2023-05-05
·
CVE-2023-30467
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC) (affected versions not specified)
Description
This issue is due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this by sending specially crafted http requests on the targeted device. Successful exploitation could allow a remote attacker to perform unauthorized activities on the targeted device.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Milesight 4K/H.265 Series Nvr