CVE-2023-30466 — CRITICAL (9.8)

Q: How severe is CVE-2023-30466?

CVE-2023-30466 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-30466?

Check the references section above for vendor advisories and patch information. Affected products include: Milesight Ms-N5008-Uc Firmware, Milesight Ms-N5008-Uc, Milesight Ms-N1008-Unc Firmware, Milesight Ms-N1008-Unc, Milesight Ms-N1008-Uc Firmware.

Vulnerability Description

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device. Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Milesight	Ms-N5008-Uc Firmware	< 73.9.0.18-r2
Milesight	Ms-N5008-Uc	-
Milesight	Ms-N1008-Unc Firmware	< 73.9.0.18-r2
Milesight	Ms-N1008-Unc	-
Milesight	Ms-N1008-Uc Firmware	< 73.9.0.18-r2
Milesight	Ms-N1008-Uc	-
Milesight	Ms-N1004-Uc Firmware	< 73.9.0.18-r2
Milesight	Ms-N1004-Uc	-
Milesight	Ms-N5016-E Firmware	< 75.9.0.18-r2
Milesight	Ms-N5016-E	-
Milesight	Ms-N5008-E Firmware	< 75.9.0.18-r2
Milesight	Ms-N5008-E	-
Milesight	Ms-N7016-Uh Firmware	< 71.9.0.18-r2
Milesight	Ms-N7016-Uh	-
Milesight	Ms-N7032-Uh Firmware	< 71.9.0.18-r2
Milesight	Ms-N7032-Uh	-
Milesight	Ms-N8064-Uh Firmware	< 71.9.0.18-r2
Milesight	Ms-N8064-Uh	-
Milesight	Ms-N8032-Uh Firmware	< 71.9.0.18-r2
Milesight	Ms-N8032-Uh	-

Related Weaknesses (CWE)

CWE-640

References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0Third Party Advisory
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0Third Party Advisory

FAQ

What is CVE-2023-30466?

CVE-2023-30466 is a vulnerability with a CVSS score of 9.8 (CRITICAL). This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR...

How severe is CVE-2023-30466?

CVE-2023-30466 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-30466?

Check the references section above for vendor advisories and patch information. Affected products include: Milesight Ms-N5008-Uc Firmware, Milesight Ms-N5008-Uc, Milesight Ms-N1008-Unc Firmware, Milesight Ms-N1008-Unc, Milesight Ms-N1008-Uc Firmware.