SA ID: USRC-202309-01
Some Uniview IPC products have access control vulnerabilities, where attackers may modify device user credentials by sending specially crafted packets.
Risk assessment: The HTTP port is not automatically mapped to the Internet. If the user has not configured the Internet router or other networking devices to map the HTTP port to the Internet, attackers cannot attack the device directly through the Internet, and devices on a Local Area Network (LAN) or private network are not directly exposed to malicious attacks from Internet attackers.
CVE ID: CVE-2023-0773
This vulnerability is scored using CVSS v3 (http://www.first.org/cvss/specification-document)
Base score: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)
Temporal score: 7.9 (E:P/RL:O/RC:R)
Affected versions and fixed versions:
Affected: CIPC-B2303.2.8.230105 and earlier; fixed: CIPC-B2303.3.3.230322 and later
Affected: DIPC-B1188.8.131.52215 and earlier; fixed: DIPC-B1184.108.40.206315 and later
Affected: DIPC-B1220.127.116.11109 and earlier; fixed: DIPC-B118.104.22.168315 and later
Affected: DIPC-B122.214.171.124202 and earlier; fixed: DIPC-B1126.96.36.199315 and later
Affected: DIPC-B1188.8.131.52223 and earlier; fixed: DIPC-B1184.108.40.206309 and later
Affected: DIPC-B1220.127.116.11123 and earlier; fixed: DIPC-B118.104.22.168315 and later
Affected: DIPC-B122.214.171.124105 and earlier; fixed: DIPC-B1126.96.36.199315 and later
Affected: DIPC-B1188.8.131.52019 and earlier; fixed: DIPC-B1184.108.40.206221 and later
Affected: DIPC-B1220.127.116.11123 and earlier; fixed: DIPC-B118.104.22.168324 and later
Affected: DIPC-B122.214.171.124207 and earlier; fixed: DIPC-B1126.96.36.199324 and later
Affected: DIPC-B1188.8.131.52104 and earlier; fixed: DIPC-B1184.108.40.206515 and later
Obtaining fixed version:
Please obtain the fixed version and upgrade. You may contact your local dealer, Uniview service hotline, or regional technical support for assistance.
Products with cloud upgrade capabilities can obtain the fixed version through cloud upgrade.
Source of vulnerability information:
Thanks to the Indian Computer Emergency Response Team for reporting these vulnerabilities.
If you have any security issues or concerns regarding our products or solutions, please contact us at firstname.lastname@example.org