CVE-2023-30467 HIGH

CVE-2023-30467: Improper Authorization Vulnerability in Milesight Network Video Recorder (NVR)

Vendor Milesight

Product NVR MS-Nxxxx-xxG

Weakness CWE-285

Published April 28, 2023

Last update January 30, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.

Key dates

02Disclosure timeline

April 28, 2023 CVE published

January 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-30467 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/285.html

Related vulnerabilities

Identifiers

CVE CVE-2023-30467

CWE CWE-285

CVSS 7.5 / HIGH

Affected versions

Vendor Milesight

Product NVR MS-Nxxxx-xxG

Affected ≥ 77.X and < 77.9.0.18-r2

Vendor Milesight

Product NVR MS-Nxxxx-xxE

Affected ≥ 75.X and < 75.9.0.18-r2

Vendor Milesight

Product NVR MS-Nxxxx-xxT

Affected ≥ 72.X and < 72.9.0.18-r2

Vendor Milesight

Product NVR MS-Nxxxx-xxH

Affected ≥ 71.X and < 71.9.0.18-r2

Vendor Milesight

Product NVR MS-Nxxxx-xxC

Affected ≥ 73.X and < 73.9.0.18-r2

CVE-2023-30467: Improper Authorization Vulnerability in Milesight Network Video Recorder (NVR)

01Description

02Disclosure timeline

03References

04Related CVE