CVE-2023-0773 Vulnerability Details

  /     /     /  

CVE-2023-0773 Metadata Quick Info

CVE Published: 19/09/2023 | CVE Updated: 25/09/2024 | CVE Year: 2023
Source: CERT-In | Vendor: Uniview | Product: Uniview IP Camera IPC322LB-SF28-A
Status : PUBLISHED

---

CVE-2023-0773 Description

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.

Metrics

CVSS Version: 3.1 | Base Score: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: CWE-287 Improper Authentication
Source: Uniview

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-22
CAPEC Description: CAPEC-22 Exploiting Trust in Client


Source: NVD (National Vulnerability Database).