CVE-2023-48121 - OpenCVE

An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ezviz	Cs-c6cn-a0-3h2wfr Cs-c3n-a0-3h2wfrl Cs-cv310-a0-1c2wfr Cs-c6cn-a0-3h2wfr Firmware Cs-cv310-a0-1c2wfr Firmware Cs-c6n-a0-1c2wfr Firmware Cs-c3n-a0-3h2wfrl Firmware Cs-c6n-a0-1c2wfr

Configuration 1 [-]

AND

cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ezviz:cs-c6cn-a0-3h2wfr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c6cn-a0-3h2wfr:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ezviz:cs-c3n-a0-3h2wfrl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c3n-a0-3h2wfrl:-:*:*:*:*:*:*:*

References

Link	Resource
https://joerngermany.github.io/ezviz_vulnerability/
https://www.ezviz.com/data-security/security-notice/detail/911	Vendor Advisory
https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-28T00:00:00

Updated: 2024-01-09T14:00:18.554382

Reserved: 2023-11-13T00:00:00

Link: CVE-2023-48121

JSON object: View

NVD Information

Status : Modified

Published: 2023-11-28T19:15:07.340

Modified: 2024-01-09T14:15:46.100

Link: CVE-2023-48121

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4E67D11-B412-4EBB-BF79-EAE8BE4721C2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F7B9244-BE9E-4F6F-99E3-A08B46C4559E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "748FC543-B134-4B4D-B4D2-E14060C1A64B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9181568-193B-4BF7-9A11-B7A031065934", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c6cn-a0-3h2wfr_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "06E27881-67A5-4AA3-A6A3-D533BC51BD66", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c6cn-a0-3h2wfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "733F085E-29B9-44C6-834F-9B13B95AECDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c3n-a0-3h2wfrl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9288594-76DC-4212-91AE-6A59F1F10310", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c3n-a0-3h2wfrl:-:*:*:*:*:*:*:*", "matchCriteriaId": "264CF01C-CF57-457B-8433-B2CFD6CF25DF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Direct Connection Module en Ezviz CS-C6N-xxx anterior a v5.3.x compilaci\u00f3n 20230401, Ezviz CS-CV310-xxx anterior a v5.3.x compilaci\u00f3n 20230401, Ezviz CS-C6CN-xxx anterior a v5.3.x compilaci\u00f3n 20230401, Ezviz CS-C3N-xxx anterior a v5.3.x compilaci\u00f3n 20230401 permite a atacantes remotos obtener informaci\u00f3n confidencial enviando mensajes manipulados a los dispositivos afectados."}], "id": "CVE-2023-48121", "lastModified": "2024-01-09T14:15:46.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-28T19:15:07.340", "references": [{"source": "cve@mitre.org", "url": "https://joerngermany.github.io/ezviz_vulnerability/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.ezviz.com/data-security/security-notice/detail/911"}, {"source": "cve@mitre.org", "url": "https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}