CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
68.9%
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.
Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.
Vendor | Product | Version | CPE |
---|---|---|---|
milesight | ms-n5008-uc_firmware | * | cpe:2.3:o:milesight:ms-n5008-uc_firmware:*:*:*:*:*:*:*:* |
milesight | ms-n5008-uc | - | cpe:2.3:h:milesight:ms-n5008-uc:-:*:*:*:*:*:*:* |
milesight | ms-n1008-unc_firmware | * | cpe:2.3:o:milesight:ms-n1008-unc_firmware:*:*:*:*:*:*:*:* |
milesight | ms-n1008-unc | - | cpe:2.3:h:milesight:ms-n1008-unc:-:*:*:*:*:*:*:* |
milesight | ms-n1008-uc_firmware | * | cpe:2.3:o:milesight:ms-n1008-uc_firmware:*:*:*:*:*:*:*:* |
milesight | ms-n1008-uc | - | cpe:2.3:h:milesight:ms-n1008-uc:-:*:*:*:*:*:*:* |
milesight | ms-n1004-uc_firmware | * | cpe:2.3:o:milesight:ms-n1004-uc_firmware:*:*:*:*:*:*:*:* |
milesight | ms-n1004-uc | - | cpe:2.3:h:milesight:ms-n1004-uc:-:*:*:*:*:*:*:* |
milesight | ms-n5016-e_firmware | * | cpe:2.3:o:milesight:ms-n5016-e_firmware:*:*:*:*:*:*:*:* |
milesight | ms-n5016-e | - | cpe:2.3:h:milesight:ms-n5016-e:-:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "NVR MS-Nxxxx-xxG",
"vendor": "Milesight",
"versions": [
{
"lessThan": "77.9.0.18-r2",
"status": "affected",
"version": "77.X",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NVR MS-Nxxxx-xxE",
"vendor": "Milesight",
"versions": [
{
"lessThan": "75.9.0.18-r2",
"status": "affected",
"version": "75.X",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NVR MS-Nxxxx-xxT",
"vendor": "Milesight",
"versions": [
{
"lessThan": "72.9.0.18-r2",
"status": "affected",
"version": "72.X",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NVR MS-Nxxxx-xxH ",
"vendor": "Milesight",
"versions": [
{
"lessThan": "71.9.0.18-r2",
"status": "affected",
"version": "71.X",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "NVR MS-Nxxxx-xxC",
"vendor": "Milesight",
"versions": [
{
"lessThan": "73.9.0.18-r2",
"status": "affected",
"version": "73.X",
"versionType": "custom"
}
]
}
]