CVE-2023-0773 CRITICAL

CVE-2023-0773: Unauthorized Access Control Vulnerability in Uniview IP Camera

Vendor Uniview
Product Uniview IP Camera IPC322LB-SF28-A
Weakness CWE-287 · Improper authentication
Published September 19, 2023
Last update September 25, 2024

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.

Key dates

02Disclosure timeline

September 19, 2023 CVE published
September 25, 2024 Record updated