CVE-2023-3705

The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cpplusworld:cp-vnr-3104_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cpplusworld:cp-vnr-3104:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cpplusworld:cp-vnr-3108_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cpplusworld:cp-vnr-3108:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cpplusworld:cp-vnr-3208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cpplusworld:cp-vnr-3208:-:*:*:*:*:*:*:*

History

02 Oct 2024, 21:35

Type Values Removed Values Added
CWE CWE-20

31 Aug 2023, 00:37

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:cpplusworld:cp-vnr-3208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cpplusworld:cp-vnr-3208:-:*:*:*:*:*:*:*
cpe:2.3:o:cpplusworld:cp-vnr-3108_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cpplusworld:cp-vnr-3104_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cpplusworld:cp-vnr-3108:-:*:*:*:*:*:*:*
cpe:2.3:h:cpplusworld:cp-vnr-3104:-:*:*:*:*:*:*:*
First Time Cpplusworld cp-vnr-3208 Firmware
Cpplusworld cp-vnr-3208
Cpplusworld cp-vnr-3108 Firmware
Cpplusworld cp-vnr-3104 Firmware
Cpplusworld cp-vnr-3108
Cpplusworld
Cpplusworld cp-vnr-3104
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (MISC) https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239 - (MISC) https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239 - Patch, Third Party Advisory

24 Aug 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-24 08:15

Updated : 2024-10-02 21:35


NVD link : CVE-2023-3705

Mitre link : CVE-2023-3705

CVE.ORG link : CVE-2023-3705


JSON object : View

Products Affected

cpplusworld

  • cp-vnr-3208_firmware
  • cp-vnr-3104
  • cp-vnr-3108_firmware
  • cp-vnr-3208
  • cp-vnr-3104_firmware
  • cp-vnr-3108
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-20

Improper Input Validation