CVE-2023-30466
Summary
| CVE | CVE-2023-30466 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-28 11:15:00 UTC |
| Updated | 2023-05-05 17:27:00 UTC |
| Description | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC) due to a weak password reset mechanism in the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation of this vulnerability could allow a remote attacker to take over an account on the targeted device. |
Risk And Classification
Problem Types: CWE-640
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Milesight | Ms-n1004-uc | - | All | All | All |
| Operating System | Milesight | Ms-n1004-uc Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n1004-upc | - | All | All | All |
| Operating System | Milesight | Ms-n1004-upc Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n1008-uc | - | All | All | All |
| Operating System | Milesight | Ms-n1008-uc Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n1008-unc | - | All | All | All |
| Operating System | Milesight | Ms-n1008-unc Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n1008-unpc | - | All | All | All |
| Operating System | Milesight | Ms-n1008-unpc Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n1008-upc | - | All | All | All |
| Operating System | Milesight | Ms-n1008-upc Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n5008-e | - | All | All | All |
| Operating System | Milesight | Ms-n5008-e Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n5008-pe | - | All | All | All |
| Operating System | Milesight | Ms-n5008-pe Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n5008-uc | - | All | All | All |
| Operating System | Milesight | Ms-n5008-uc Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n5008-upc | - | All | All | All |
| Operating System | Milesight | Ms-n5008-upc Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n5016-e | - | All | All | All |
| Operating System | Milesight | Ms-n5016-e Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n5016-pe | - | All | All | All |
| Operating System | Milesight | Ms-n5016-pe Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n7016-uh | - | All | All | All |
| Operating System | Milesight | Ms-n7016-uh Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n7016-uph | - | All | All | All |
| Operating System | Milesight | Ms-n7016-uph Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n7032-uh | - | All | All | All |
| Operating System | Milesight | Ms-n7032-uh Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n7032-uph | - | All | All | All |
| Operating System | Milesight | Ms-n7032-uph Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n7048-uph | - | All | All | All |
| Operating System | Milesight | Ms-n7048-uph Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n8032-uh | - | All | All | All |
| Operating System | Milesight | Ms-n8032-uh Firmware | All | All | All | All |
| Hardware | Milesight | Ms-n8064-uh | - | All | All | All |
| Operating System | Milesight | Ms-n8064-uh Firmware | All | All | All | All |
| Operating System | Milesight | Ms-nxxxx-xxg Firmware | All | All | All | All |
| Operating System | Milesight | Ms-nxxxx-xxt Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cert-In - Home Page | MISC | www.cert-in.org.in | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.