The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.
Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device.
References
Link | Resource |
---|---|
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239 | Patch Third Party Advisory |
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 08:17
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239 - Patch, Third Party Advisory |
02 Oct 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 |
31 Aug 2023, 00:37
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0239 - Patch, Third Party Advisory | |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:o:cpplusworld:cp-vnr-3208_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cpplusworld:cp-vnr-3208:-:*:*:*:*:*:*:* cpe:2.3:o:cpplusworld:cp-vnr-3108_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cpplusworld:cp-vnr-3104_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cpplusworld:cp-vnr-3108:-:*:*:*:*:*:*:* cpe:2.3:h:cpplusworld:cp-vnr-3104:-:*:*:*:*:*:*:* |
|
First Time |
Cpplusworld cp-vnr-3208 Firmware
Cpplusworld cp-vnr-3208 Cpplusworld cp-vnr-3108 Firmware Cpplusworld cp-vnr-3104 Firmware Cpplusworld cp-vnr-3108 Cpplusworld Cpplusworld cp-vnr-3104 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
24 Aug 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-24 08:15
Updated : 2024-11-21 08:17
NVD link : CVE-2023-3705
Mitre link : CVE-2023-3705
CVE.ORG link : CVE-2023-3705
JSON object : View
Products Affected
cpplusworld
- cp-vnr-3208_firmware
- cp-vnr-3108
- cp-vnr-3104_firmware
- cp-vnr-3208
- cp-vnr-3108_firmware
- cp-vnr-3104
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
NVD-CWE-noinfo CWE-20Improper Input Validation