CVE-2023-3704 MEDIUM

CVE-2023-3704: Timestamp Modification Vulnerability in CP-Plus Digital Video Recorder

Vendor Aditya Infotech Limited
Product CP-UVR-1601E1-HC, CP-UVR-1601E2-H, CP-UVR-1601E1-H, CP-UVR-0801F1-HC, CP-UVR-0801K1-H, CP-UVR-0801K1B-H, CP-UVR-0808K1-H, CP-UVR-0401L1-4KH, CP-UVR-0401L1B-4KH
Published August 24, 2023
Last update October 4, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device.

Key dates

02Disclosure timeline

August 24, 2023 CVE published
October 4, 2024 Record updated