CVE-2023-30466 - OpenCVE

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Milesight	Ms-n7032-uph Ms-n7016-uph Firmware Ms-n5008-upc Ms-n7016-uph Ms-n1004-upc Ms-n1004-upc Firmware Ms-n1008-unc Firmware Ms-n1008-unc Ms-n5016-pe Firmware Ms-n5008-pe Ms-n7048-uph Firmware Ms-n7048-uph Ms-n1004-uc Firmware Ms-nxxxx-xxt Firmware Ms-nxxxx-xxg Firmware Ms-n7032-uh Firmware Ms-n1008-upc Ms-n5008-pe Firmware Ms-n7032-uph Firmware Ms-n1008-uc Firmware Ms-n8064-uh Firmware Ms-n5016-pe Ms-n8064-uh Ms-n1004-uc Ms-n8032-uh Ms-n5008-uc Ms-n5016-e Firmware Ms-n8032-uh Firmware Ms-n5008-uc Firmware Ms-n5016-e Ms-n5008-upc Firmware Ms-n5008-e Ms-n5008-e Firmware Ms-n1008-unpc Firmware Ms-n7032-uh Ms-n7016-uh Firmware Ms-n1008-unpc Ms-n1008-uc Ms-n1008-upc Firmware Ms-n7016-uh

Configuration 1 [-]

AND

cpe:2.3:o:milesight:ms-n5008-uc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5008-uc:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:milesight:ms-n1008-unc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1008-unc:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:milesight:ms-n1008-uc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1008-uc:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:milesight:ms-n1004-uc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1004-uc:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:milesight:ms-n5016-e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5016-e:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:milesight:ms-n5008-e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5008-e:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:milesight:ms-n7016-uh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7016-uh:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:milesight:ms-n7032-uh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7032-uh:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:milesight:ms-n8064-uh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n8064-uh:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:milesight:ms-n8032-uh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n8032-uh:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:milesight:ms-n1004-upc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1004-upc:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:milesight:ms-n1008-upc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1008-upc:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:milesight:ms-n1008-unpc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1008-unpc:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:milesight:ms-n5008-upc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5008-upc:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:milesight:ms-n5016-pe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5016-pe:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:milesight:ms-n5008-pe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5008-pe:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:milesight:ms-n7016-uph_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7016-uph:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:milesight:ms-n7032-uph_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7032-uph:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:milesight:ms-n7048-uph_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7048-uph:-:*:*:*:*:*:*:*

Configuration 20 [-]

OR	cpe:2.3:o:milesight:ms-nxxxx-xxg_firmware::::::::
	cpe:2.3:o:milesight:ms-nxxxx-xxt_firmware::::::::

References

Link	Resource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERT-In

Published: 2023-04-28T10:06:26.684Z

Updated: 2023-04-28T10:06:26.684Z

Reserved: 2023-04-10T10:20:17.200Z

Link: CVE-2023-30466

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-04-28T11:15:08.987

Modified: 2023-05-05T17:27:07.267

Link: CVE-2023-30466

JSON object: View

Redhat Information

No data.

CWE

CWE-640