Vulnerability Description
This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Milesight | Video Management Systems Firmware | < 40.7.0.79 |
| Milesight | Video Management Systems | - |
Related Weaknesses (CWE)
References
- https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0Third Party Advisory
- https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0Third Party Advisory
FAQ
What is CVE-2022-3001?
CVE-2022-3001 is a vulnerability with a CVSS score of 7.5 (HIGH). This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote ...
How severe is CVE-2022-3001?
CVE-2022-3001 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3001?
Check the references section above for vendor advisories and patch information. Affected products include: Milesight Video Management Systems Firmware, Milesight Video Management Systems.