CVE-2023-30467

Improper Authorization Vulnerability in Milesight Network Video Recorder (NVR)

Description

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.

Remediation

Solution:

Update Milesight NVR firmware to latest version https://www.milesight.com/support/download/firmware https://www.milesight.com/support/download/firmware

References

Link	Tags
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121	third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-30467?: CVE-2023-30467 has been scored as a high severity vulnerability.
How to fix CVE-2023-30467?: To fix CVE-2023-30467: Update Milesight NVR firmware to latest version https://www.milesight.com/support/download/firmware https://www.milesight.com/support/download/firmware
Is CVE-2023-30467 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-30467 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-30467?: CVE-2023-30467 affects Milesight NVR MS-Nxxxx-xxG, Milesight NVR MS-Nxxxx-xxE, Milesight NVR MS-Nxxxx-xxT, Milesight NVR MS-Nxxxx-xxH , Milesight NVR MS-Nxxxx-xxC.

Description

Remediation

Categories

CWE-285 – Improper Authorization

CWE-863 – Incorrect Authorization

References

Frequently Asked Questions