History: Jun 10, 2024 - 5:16 p.m.

CVE-2024-3850

2024-06-10 17:16:33
CWE-79
web.nvd.nist.gov
cve-2024-3850
reflected cross-site scripting
uniview nvr301-04s2-p4
authentication
limited scope
limited severity
malicious javascript
browser vulnerability

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS4: 4.8 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: ACTIVE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/SC:L/VI:L/SI:L/VA:N/SA:N

EPSS: 0.0004 Low
Percentile: 14.1%

Uniview NVR301-04S2-P4 is vulnerable to a reflected cross-site scripting (XSS) attack. An attacker could send a user a URL that, if clicked, could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity are limited. Also, even if JavaScript is executed, no additional benefits are obtained.

Affected configurations

NVD
Node
uniview nvr301-04s2-p4_firmware Range <nvr-b3801.20.17.240507
AND
uniview nvr301-04s2-p4 Match -

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NVR301-04S2-P4",
    "vendor": "Uniview",
    "versions": [
      {
        "lessThan": "NVR-B3801.20.17.240507",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
