CVE-2024-3850 - OpenCVE

Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Uniview	Nvr301-04s2-p4 Nvr301-04s2-p4 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:uniview:nvr301-04s2-p4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:uniview:nvr301-04s2-p4:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2024-06-10T16:46:42.766Z

Updated: 2024-06-10T16:46:42.766Z

Reserved: 2024-04-15T19:49:14.162Z

Link: CVE-2024-3850

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-06-10T17:16:33.080

Modified: 2024-06-12T18:12:56.413

Link: CVE-2024-3850

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3850", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-04-15T19:49:14.162Z", "datePublished": "2024-06-10T16:46:42.766Z", "dateUpdated": "2024-06-10T16:46:42.766Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NVR301-04S2-P4", "vendor": "Uniview", "versions": [{"lessThan": "NVR-B3801.20.17.240507", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "CISA discovered a public Proof of Concept (PoC) as authored by Bleron Rrustemi and reported it to Uniview."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.</span>\n\n"}], "value": "Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 4.8, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-06-10T16:46:42.766Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Uniview encourages users to obtain the fixed version, Uniview NVR-B3801.20.17.240507, and update. You may contact your local dealer, </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.uniview.com/Support/Service_Hotline/\">Uniview Service Hotline</a><span style=\"background-color: rgb(255, 255, 255);\">, or regional technical support for assistance.</span>\n\n<br>"}], "value": "Uniview encourages users to obtain the fixed version, Uniview NVR-B3801.20.17.240507, and update. You may contact your local dealer, Uniview Service Hotline https://www.uniview.com/Support/Service_Hotline/ , or regional technical support for assistance."}], "source": {"advisory": "ICSA-24-156-01", "discovery": "EXTERNAL"}, "title": "Uniview NVR301-04S2-P4 Cross-site Scripting", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:uniview:nvr301-04s2-p4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "087BD43C-9237-4C7D-923E-0CFAA2A5E976", "versionEndExcluding": "nvr-b3801.20.17.240507", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:uniview:nvr301-04s2-p4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CD63D99-65D2-4E52-BFD4-10D317D941D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained."}, {"lang": "es", "value": "Uniview NVR301-04S2-P4 es vulnerable al ataque de Cross-Site Scripting (XSS) reflejado. Un atacante podr\u00eda enviar a un usuario una URL que, si se hace clic en ella, podr\u00eda ejecutar JavaScript malicioso en su navegador. Esta vulnerabilidad tambi\u00e9n requiere autenticaci\u00f3n antes de poder explotarse, por lo que el alcance y la gravedad son limitados. Adem\u00e1s, aunque se ejecute JavaScript no se obtienen beneficios adicionales."}], "id": "CVE-2024-3850", "lastModified": "2024-06-12T18:12:56.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-06-10T17:16:33.080", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}