CVE-2022-3001
Vulnerability in Milesight Video Management Systems (VMS)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device.
Esta vulnerabilidad se presenta en Milesight Video Management Systems (VMS), en todas las versiones de firmware anteriores a 40.7.0.79-r1, debido a un manejo inapropiado de las entradas en la interfaz de administración basada en web de la cámara. Un atacante remoto podría explotar esta vulnerabilidad mediante el envío de una petición http especialmente diseñada en la cámara de red objetivo. Una explotación con éxito de esta vulnerabilidad podría permitir al atacante causar una condición de denegación de servicio en el dispositivo objetivo
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-08-26 CVE Reserved
- 2022-09-15 CVE Published
- 2024-04-06 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0352 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Milesight Search vendor "Milesight" | Video Management Systems Firmware Search vendor "Milesight" for product "Video Management Systems Firmware" | < 40.7.0.79 Search vendor "Milesight" for product "Video Management Systems Firmware" and version " < 40.7.0.79" | - |
Affected
| in | Milesight Search vendor "Milesight" | Video Management Systems Search vendor "Milesight" for product "Video Management Systems" | - | enterprise |
Safe
|
Milesight Search vendor "Milesight" | Video Management Systems Firmware Search vendor "Milesight" for product "Video Management Systems Firmware" | 40.7.0.79 Search vendor "Milesight" for product "Video Management Systems Firmware" and version "40.7.0.79" | - |
Affected
| in | Milesight Search vendor "Milesight" | Video Management Systems Search vendor "Milesight" for product "Video Management Systems" | - | enterprise |
Safe
|