CVE-2024-3850

Name of the Vulnerable Software and Affected Versions Uniview NVR301-04S2-P4

Description The issue is related to a reflected cross-site scripting attack (XSS), where an attacker could send a user a URL that, if clicked, could execute malicious JavaScript in their browser. This issue requires authentication before it can be exploited, limiting its scope and severity. Even if JavaScript is executed, no additional benefits are obtained for the attacker.

Recommendations For Uniview NVR301-04S2-P4, consider disabling access to potentially vulnerable API endpoints until a patch is available. Restrict access to sensitive areas of the application that may be susceptible to XSS attacks. Avoid using links from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.