Lucene search

MitreCVE-2023-48121

HistoryNov 28, 2023 - 7:15 p.m.

CVE-2023-48121

2023-11-2819:15:07

CWE-287

mitre

web.nvd.nist.gov

cve-2023-48121

authentication bypass

vulnerability

ezviz

direct connection module

remote attackers

sensitive information

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

38.3%

JSON

An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices.

Affected configurations

Nvd

Node

ezvizcs-c6n-a0-1c2wfrMatch-

AND

ezvizcs-c6n-a0-1c2wfr_firmwareMatch-

Node

ezvizcs-cv310-a0-1c2wfrMatch-

AND

ezvizcs-cv310-a0-1c2wfr_firmwareMatch-

Node

ezvizcs-c6cn-a0-3h2wfrMatch-

AND

ezvizcs-c6cn-a0-3h2wfr_firmwareMatch-

Node

ezvizcs-c3n-a0-3h2wfrlMatch-

AND

ezvizcs-c3n-a0-3h2wfrl_firmwareMatch-

VendorProductVersionCPE
ezvizcs-c6n-a0-1c2wfr-cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*
ezvizcs-c6n-a0-1c2wfr_firmware-cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*
ezvizcs-cv310-a0-1c2wfr-cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*
ezvizcs-cv310-a0-1c2wfr_firmware-cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*
ezvizcs-c6cn-a0-3h2wfr-cpe:2.3:h:ezviz:cs-c6cn-a0-3h2wfr:-:*:*:*:*:*:*:*
ezvizcs-c6cn-a0-3h2wfr_firmware-cpe:2.3:o:ezviz:cs-c6cn-a0-3h2wfr_firmware:-:*:*:*:*:*:*:*
ezvizcs-c3n-a0-3h2wfrl-cpe:2.3:h:ezviz:cs-c3n-a0-3h2wfrl:-:*:*:*:*:*:*:*
ezvizcs-c3n-a0-3h2wfrl_firmware-cpe:2.3:o:ezviz:cs-c3n-a0-3h2wfrl_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ezviz	cs-c6n-a0-1c2wfr	-	cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:::::::*
ezviz	cs-c6n-a0-1c2wfr_firmware	-	cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:-:::::::*
ezviz	cs-cv310-a0-1c2wfr	-	cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:::::::*
ezviz	cs-cv310-a0-1c2wfr_firmware	-	cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:-:::::::*
ezviz	cs-c6cn-a0-3h2wfr	-	cpe:2.3:h:ezviz:cs-c6cn-a0-3h2wfr:-:::::::*
ezviz	cs-c6cn-a0-3h2wfr_firmware	-	cpe:2.3:o:ezviz:cs-c6cn-a0-3h2wfr_firmware:-:::::::*
ezviz	cs-c3n-a0-3h2wfrl	-	cpe:2.3:h:ezviz:cs-c3n-a0-3h2wfrl:-:::::::*
ezviz	cs-c3n-a0-3h2wfrl_firmware	-	cpe:2.3:o:ezviz:cs-c3n-a0-3h2wfrl_firmware:-:::::::*

References

joerngermany.github.io/ezviz_vulnerability/

www.ezviz.com/data-security/security-notice/detail/911

www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

38.3%

JSON

Related for CVE-2023-48121