CVE-2023-30466

Authentication Bypass Vulnerability in Milesight Network Video Recorder (NVR)

  • Severity Score: 9.8 (CVSS v3.1)


  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC) due to a weak password reset mechanism in the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device.

Successful exploitation of this vulnerability could allow a remote attacker to take over an account on the targeted device.

*Credits: This vulnerability was reported by Souvik Kandar and Arko Dhar from Redinent Innovations Engineering & Research Team, Karnataka, India.

CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-04-10 CVE Reserved
  • 2023-04-28 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-10-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-640: Weak Password Recovery Mechanism for Forgotten Password
CAPEC
  • CAPEC-50: Password Recovery Exploitation
Affected Vendors, Products, and Versions
Vendor        Product                  Version          Other  Status
Milesight     Ms-n5008-uc Firmware     < 73.9.0.18-r2   -      Affected
in Milesight  Ms-n5008-uc              -                -      Safe
Milesight     Ms-n1008-unc Firmware    < 73.9.0.18-r2   -      Affected
in Milesight  Ms-n1008-unc             -                -      Safe
Milesight     Ms-n1008-uc Firmware     < 73.9.0.18-r2   -      Affected
in Milesight  Ms-n1008-uc              -                -      Safe
Milesight     Ms-n1004-uc Firmware     < 73.9.0.18-r2   -      Affected
in Milesight  Ms-n1004-uc              -                -      Safe
Milesight     Ms-n5016-e Firmware      < 75.9.0.18-r2   -      Affected
in Milesight  Ms-n5016-e               -                -      Safe
Milesight     Ms-n5008-e Firmware      < 75.9.0.18-r2   -      Affected
in Milesight  Ms-n5008-e               -                -      Safe
Milesight     Ms-n7016-uh Firmware     < 71.9.0.18-r2   -      Affected
in Milesight  Ms-n7016-uh              -                -      Safe
Milesight     Ms-n7032-uh Firmware     < 71.9.0.18-r2   -      Affected
in Milesight  Ms-n7032-uh              -                -      Safe
Milesight     Ms-n8064-uh Firmware     < 71.9.0.18-r2   -      Affected
in Milesight  Ms-n8064-uh              -                -      Safe
Milesight     Ms-n8032-uh Firmware     < 71.9.0.18-r2   -      Affected
in Milesight  Ms-n8032-uh              -                -      Safe
Milesight     Ms-n1004-upc Firmware    < 73.9.0.18-r2   -      Affected
in Milesight  Ms-n1004-upc             -                -      Safe
Milesight     Ms-n1008-upc Firmware    < 73.9.0.18-r2   -      Affected
in Milesight  Ms-n1008-upc             -                -      Safe
Milesight     Ms-n1008-unpc Firmware   < 73.9.0.18-r2   -      Affected
in Milesight  Ms-n1008-unpc            -                -      Safe
Milesight     Ms-n5008-upc Firmware    < 73.9.0.18-r2   -      Affected
in Milesight  Ms-n5008-upc             -                -      Safe
Milesight     Ms-n5016-pe Firmware     < 75.9.0.18-r2   -      Affected
in Milesight  Ms-n5016-pe              -                -      Safe
Milesight     Ms-n5008-pe Firmware     < 75.9.0.18-r2   -      Affected
in Milesight  Ms-n5008-pe              -                -      Safe
Milesight     Ms-n7016-uph Firmware    < 71.9.0.18-r2   -      Affected
in Milesight  Ms-n7016-uph             -                -      Safe
Milesight     Ms-n7032-uph Firmware    < 71.9.0.18-r2   -      Affected
in Milesight  Ms-n7032-uph             -                -      Safe
Milesight     Ms-n7048-uph Firmware    < 71.9.0.18-r2   -      Affected
in Milesight  Ms-n7048-uph             -                -      Safe
Milesight     Ms-nxxxx-xxg Firmware    < 77.9.0.18-r2   -      Affected
Milesight     Ms-nxxxx-xxt Firmware    < 72.9.0.18-r2   -      Affected