Improper Authorization Vulnerability in Milesight Network Video Recorder (NVR)
CVE-2023-30467
7.5 HIGH
What is CVE-2023-30467?
A security vulnerability has been identified in the Milesight 4K/H.265 Series NVR models, caused by improper authorization in the web-based management interface. Remote attackers could exploit this flaw via specially crafted HTTP requests to perform unauthorized actions on the affected devices. Users should be aware of this vulnerability and keep their systems updated to mitigate the risk.
Affected Version(s)
NVR MS-Nxxxx-xxC 73.X < 73.9.0.18-r2
NVR MS-Nxxxx-xxE 75.X < 75.9.0.18-r2
NVR MS-Nxxxx-xxG 77.X < 77.9.0.18-r2
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This vulnerability was reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering & Research Team, Karnataka, India.
