CVE-2023-30467 - OpenCVE

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Milesight	Ms-n7032-uph Ms-n7016-uph Firmware Ms-n5008-upc Ms-n7016-uph Ms-n1004-upc Ms-n1004-upc Firmware Ms-n1008-unc Firmware Ms-n1008-unc Ms-n5016-pe Firmware Ms-n5008-pe Ms-n7048-uph Firmware Ms-n7048-uph Ms-n1004-uc Firmware Ms-nxxxx-xxt Firmware Ms-nxxxx-xxg Firmware Ms-n7032-uh Firmware Ms-n1008-upc Ms-n5008-pe Firmware Ms-n7032-uph Firmware Ms-n1008-uc Firmware Ms-n8064-uh Firmware Ms-n5016-pe Ms-n8064-uh Ms-n1004-uc Ms-n8032-uh Ms-n5008-uc Ms-n5016-e Firmware Ms-n8032-uh Firmware Ms-n5008-uc Firmware Ms-n5016-e Ms-n5008-upc Firmware Ms-n5008-e Ms-n5008-e Firmware Ms-n1008-unpc Firmware Ms-n7032-uh Ms-n7016-uh Firmware Ms-n1008-unpc Ms-n1008-uc Ms-n1008-upc Firmware Ms-n7016-uh

Configuration 1 [-]

AND

cpe:2.3:o:milesight:ms-n5008-uc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5008-uc:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:milesight:ms-n1008-unc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1008-unc:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:milesight:ms-n1008-uc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1008-uc:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:milesight:ms-n1004-uc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1004-uc:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:milesight:ms-n5016-e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5016-e:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:milesight:ms-n5008-e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5008-e:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:milesight:ms-n7016-uh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7016-uh:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:milesight:ms-n7032-uh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7032-uh:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:milesight:ms-n8064-uh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n8064-uh:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:milesight:ms-n8032-uh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n8032-uh:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:milesight:ms-n1004-upc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1004-upc:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:milesight:ms-n1008-upc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1008-upc:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:milesight:ms-n1008-unpc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n1008-unpc:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:milesight:ms-n5008-upc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5008-upc:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:milesight:ms-n5016-pe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5016-pe:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:milesight:ms-n5008-pe_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n5008-pe:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:milesight:ms-n7016-uph_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7016-uph:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:milesight:ms-n7032-uph_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7032-uph:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:milesight:ms-n7048-uph_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:milesight:ms-n7048-uph:-:*:*:*:*:*:*:*

Configuration 20 [-]

OR	cpe:2.3:o:milesight:ms-nxxxx-xxg_firmware::::::::
	cpe:2.3:o:milesight:ms-nxxxx-xxt_firmware::::::::

References

Link	Resource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: CERT-In

Published: 2023-04-28T10:12:11.694Z

Updated: 2023-04-28T10:12:11.694Z

Reserved: 2023-04-10T10:20:17.201Z

Link: CVE-2023-30467

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-04-28T11:15:09.040

Modified: 2023-05-05T17:57:32.067

Link: CVE-2023-30467

JSON object: View

Redhat Information

No data.

CWE