First published: Fri Apr 28 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC) due to a weak password reset mechanism in the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation could allow a remote attacker to take over an account on the targeted device.
Credit: vdisclose@cert-in.org.in
Affected Software | Affected Version | How to fix |
---|---|---|
Milesight ms-n5008-uc firmware | <73.9.0.18-r2 | |
Milesight ms-n5008-uc firmware | ||
Milesight ms-n1008-unc firmware | <73.9.0.18-r2 | |
Milesight ms-n1008-unc firmware | ||
Milesight MS-N1008-UC Firmware | <73.9.0.18-r2 | |
Milesight ms-n1008-uc firmware | ||
Milesight MS-N1004-UC | <73.9.0.18-r2 | |
Milesight MS-N1004-UC Firmware | ||
Milesight MS-N5016-E Firmware | <75.9.0.18-r2 | |
Milesight ms-n5016-e firmware | ||
Milesight MS-N5008-E | <75.9.0.18-r2 | |
Milesight ms-n5008-e firmware | ||
Milesight ms-n7016-uh firmware | <71.9.0.18-r2 | |
Milesight ms-n7016-uh firmware | ||
Milesight ms-n7032-uh firmware | <71.9.0.18-r2 | |
Milesight ms-n7032-uh firmware | ||
Milesight ms-n8064-uh firmware | <71.9.0.18-r2 | |
Milesight ms-n8064-uh firmware | ||
Milesight MS-N8032-UH Firmware | <71.9.0.18-r2 | |
Milesight ms-n8032-uh firmware | ||
Milesight MS-N1004-UC | <73.9.0.18-r2 | |
Milesight MS-N1004-UC | ||
Milesight MS-N1008 UPC | <73.9.0.18-r2 | |
Milesight MS-N1008 UPC | ||
Milesight MS-N1008-UNPC | <73.9.0.18-r2 | |
Milesight MS-N1008-UNPC | ||
Milesight ms-n5008-upc firmware | <73.9.0.18-r2 | |
Milesight ms-n5008-upc firmware | ||
Milesight MS-N5016-PE | <75.9.0.18-r2 | |
Milesight MS-N5016-PE | ||
Milesight MS-N5008-PE | <75.9.0.18-r2 | |
Milesight MS-N5008-PE Firmware | ||
Milesight ms-n7016-uph firmware | <71.9.0.18-r2 | |
Milesight ms-n7016-uph firmware | ||
Milesight ms-n7032-uph | <71.9.0.18-r2 | |
Milesight MS-N7032-UPH | ||
Milesight ms-n7048-uph firmware | <71.9.0.18-r2 | |
Milesight ms-n7048-uph firmware | ||
Milesight MS-Nxxxx-xxG firmware | <77.9.0.18-r2 | |
Milesight MS-Nxxxx Firmware | <72.9.0.18-r2 | |

Update Milesight NVR firmware to the latest version: https://www.milesight.com/support/download/firmware
The severity of CVE-2023-30466 is considered to be high due to the potential for remote exploitation.
To fix CVE-2023-30466, update the firmware of your Milesight NVR to the latest version that addresses the weak password reset mechanism.
CVE-2023-30466 affects multiple models of Milesight NVR, including the MS-N5008-UC, MS-N1008-UC, and MS-N1004-UC among others.
CVE-2023-30466 is a vulnerability associated with a weak password reset mechanism that can be exploited by remote attackers.
Yes, CVE-2023-30466 can be exploited remotely, allowing attackers to gain unauthorized access to the affected devices.