Overview
- Description
- This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device.
- Source
- vdisclose@cert-in.org.in
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:milesight:video_management_systems:-:*:*:*:enterprise:*:*:*",
"vulnerable": false,
"matchCriteriaId": "59426D14-93A6-492A-BF7F-29E6F03A05F6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:milesight:video_management_systems_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44F7227E-E73F-4F33-BDF4-8DB49E7AAD97",
"versionEndExcluding": "40.7.0.79"
},
{
"criteria": "cpe:2.3:o:milesight:video_management_systems_firmware:40.7.0.79:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA621C44-CEF9-46DE-87BF-E33ABD8ECBC0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]