CVE-2023-3704

Published Aug 24, 2023

Last updated a year ago

CVSS medium 5.3

Overview

Description: The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device.
Source: vdisclose@cert-in.org.in
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-1601e1-hc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F50BFF3B-3529-46A3-B929-CACB95B006E7",
            "versionEndExcluding": "4.000.00at008.0.0.r20230302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-1601e1-hc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "84A45779-48D1-4595-A197-6CBB7EEC6121"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0401l1-4kh_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C056636C-386E-441F-9674-AD952512B2DB",
            "versionEndExcluding": "4.000.00at008.0.0.r20230302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0401l1-4kh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A3D4B69-934D-42D0-BA62-E9E0EDC44F2E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0401l1b-4kh_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B953B765-2340-4932-96E5-FD325046B16E",
            "versionEndExcluding": "4.000.00at008.0.0.r20230302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0401l1b-4kh:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6838A98D-2C8F-4184-AB97-C332E63B8467"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0801f1-hc_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C2699B2-0EF7-4F71-867B-A606BC81E629",
            "versionEndExcluding": "4.000.00at008.0.0.r20230302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0801f1-hc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F3E8529-C7EC-49A6-8956-3DDA9EB0A311"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0801k1-h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "471365C3-84D0-4B8B-84A5-36BDE78CDA2A",
            "versionEndExcluding": "4.000.00at008.0.0.r20230302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0801k1-h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AB06A051-0017-4D7C-B0AB-8D549A534062"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0801k1b-h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B61D25A0-8FE8-4F5D-A15E-97F27DC24D4F",
            "versionEndExcluding": "4.000.00at008.0.0.r20230302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0801k1b-h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1CF0A8A0-84F9-411A-AC0F-4B8B4B804CF9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0808k1-h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "424EFCC3-244B-46A2-B229-DA8D0CC5B899",
            "versionEndExcluding": "4.000.00at008.0.0.r20230302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0808k1-h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "79D02BBE-2CE9-4408-A2AD-D4968F56F445"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-1601e1-h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54C23340-21A7-4E6C-BEF0-FABB766DCA58",
            "versionEndExcluding": "4.000.00at008.0.0.r20230302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-1601e1-h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6535FC29-B508-4811-9BFB-513DBE17F01E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-1601e2-h_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "176C02FF-444E-4170-844F-33BEAD0575DB",
            "versionEndExcluding": "4.000.00at008.0.0.r20230302"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-1601e2-h:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5FFC9164-EBE3-42CE-B3A3-D45FF042A5F6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References