CVE-2023-3705 HIGH

CVE-2023-3705: Information Disclosure Vulnerability in CP-Plus Network Video Recorder

Vendor Aditya Infotech Limited

Product CP-VNR-3104, CP-VNR-3108, CP-VNR-3208

Weakness CWE-200 · Info exposure

Published August 24, 2023

Last update October 2, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device.

Key dates

02Disclosure timeline

August 24, 2023 CVE published

October 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3705

Related vulnerabilities

Identifiers

CVE CVE-2023-3705

CWE CWE-200

CVSS 7.5 / HIGH

Affected versions