{ "id": "CVE-2023-3704", "sourceIdentifier": "vdisclose@cert-in.org.in", "published": "2023-08-24T07:15:11.670", "lastModified": "2023-09-01T17:12:08.027", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device.\n" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 1.4 }, { "source": "vdisclose@cert-in.org.in", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-20" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-1601e1-hc_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.000.00at008.0.0.r20230302", "matchCriteriaId": "F50BFF3B-3529-46A3-B929-CACB95B006E7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-1601e1-hc:-:*:*:*:*:*:*:*", "matchCriteriaId": "84A45779-48D1-4595-A197-6CBB7EEC6121" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0401l1-4kh_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.000.00at008.0.0.r20230302", "matchCriteriaId": "C056636C-386E-441F-9674-AD952512B2DB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0401l1-4kh:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A3D4B69-934D-42D0-BA62-E9E0EDC44F2E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0401l1b-4kh_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.000.00at008.0.0.r20230302", "matchCriteriaId": "B953B765-2340-4932-96E5-FD325046B16E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0401l1b-4kh:-:*:*:*:*:*:*:*", "matchCriteriaId": "6838A98D-2C8F-4184-AB97-C332E63B8467" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0801f1-hc_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.000.00at008.0.0.r20230302", "matchCriteriaId": "8C2699B2-0EF7-4F71-867B-A606BC81E629" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0801f1-hc:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F3E8529-C7EC-49A6-8956-3DDA9EB0A311" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0801k1-h_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.000.00at008.0.0.r20230302", "matchCriteriaId": "471365C3-84D0-4B8B-84A5-36BDE78CDA2A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0801k1-h:-:*:*:*:*:*:*:*", "matchCriteriaId": "AB06A051-0017-4D7C-B0AB-8D549A534062" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0801k1b-h_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.000.00at008.0.0.r20230302", "matchCriteriaId": "B61D25A0-8FE8-4F5D-A15E-97F27DC24D4F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0801k1b-h:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CF0A8A0-84F9-411A-AC0F-4B8B4B804CF9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-0808k1-h_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.000.00at008.0.0.r20230302", "matchCriteriaId": "424EFCC3-244B-46A2-B229-DA8D0CC5B899" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-0808k1-h:-:*:*:*:*:*:*:*", "matchCriteriaId": "79D02BBE-2CE9-4408-A2AD-D4968F56F445" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-1601e1-h_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.000.00at008.0.0.r20230302", "matchCriteriaId": "54C23340-21A7-4E6C-BEF0-FABB766DCA58" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-1601e1-h:-:*:*:*:*:*:*:*", "matchCriteriaId": "6535FC29-B508-4811-9BFB-513DBE17F01E" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cpplusworld:cp-uvr-1601e2-h_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.000.00at008.0.0.r20230302", "matchCriteriaId": "176C02FF-444E-4170-844F-33BEAD0575DB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cpplusworld:cp-uvr-1601e2-h:-:*:*:*:*:*:*:*", "matchCriteriaId": "5FFC9164-EBE3-42CE-B3A3-D45FF042A5F6" } ] } ] } ], "references": [ { "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0240", "source": "vdisclose@cert-in.org.in", "tags": [ "Vendor Advisory" ] } ] }