CVE-2022-3001

Vulnerability in Milesight Video Management Systems (VMS)

  • Severity Score: 7.5 (CVSS v3.1)

  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling in the camera's web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP request to the targeted network camera. Successful exploitation could allow the attacker to cause a denial-of-service condition on the targeted device.

*Credits: This vulnerability was reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering & Research Team, Karnataka, India.

CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-08-26 CVE Reserved
  • 2022-09-15 CVE Published
  • 2024-04-06 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Milesight | Video Management Systems Firmware | < 40.7.0.79 | - | Affected
  in Milesight | Video Management Systems | -enterprise | Safe
Milesight | Video Management Systems Firmware | 40.7.0.79 | - | Affected
  in Milesight | Video Management Systems | -enterprise | Safe