The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.
Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
02 Oct 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 |
31 Aug 2023, 00:37
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:cpplusworld:cp-vnr-3208_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cpplusworld:cp-vnr-3208:-:*:*:*:*:*:*:* cpe:2.3:o:cpplusworld:cp-vnr-3108_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cpplusworld:cp-vnr-3104_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cpplusworld:cp-vnr-3108:-:*:*:*:*:*:*:* cpe:2.3:h:cpplusworld:cp-vnr-3104:-:*:*:*:*:*:*:* |
|
First Time |
Cpplusworld cp-vnr-3208 Firmware
Cpplusworld cp-vnr-3208 Cpplusworld cp-vnr-3108 Firmware Cpplusworld cp-vnr-3104 Firmware Cpplusworld cp-vnr-3108 Cpplusworld Cpplusworld cp-vnr-3104 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | (MISC) https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239 - Patch, Third Party Advisory |
24 Aug 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-24 08:15
Updated : 2024-10-02 21:35
NVD link : CVE-2023-3705
Mitre link : CVE-2023-3705
CVE.ORG link : CVE-2023-3705
JSON object : View
Products Affected
cpplusworld
- cp-vnr-3208_firmware
- cp-vnr-3104
- cp-vnr-3108_firmware
- cp-vnr-3208
- cp-vnr-3104_firmware
- cp-vnr-3108
CWE
NVD-CWE-noinfo
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-20Improper Input Validation