CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32220 – Milesight NCR/Camera Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-32220
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24505 – Milesight NCR/Camera CWE-200: Exposure of Sensitive Information
https://notcve.org/view.php?id=CVE-2023-24505
Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24506 – Milesight NCR/Camera CWE-522: Insufficiently Protected Credentials
https://notcve.org/view.php?id=CVE-2023-24506
Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2023-30467 – Improper Authorization Vulnerability in Milesight Network Video Recorder (NVR)
https://notcve.org/view.php?id=CVE-2023-30467
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 40EXPL: 0CVE-2023-30466 – Authentication Bypass Vulnerability in Milesight Network Video Recorder (NVR)
https://notcve.org/view.php?id=CVE-2023-30466
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •