Design/Logic Flaw

2023-04-2811:15:00

PRIOn knowledge base

www.prio-n.com

milesight

nvr

vulnerability

password reset

remote attacker

account takeover

web-based interface

http request

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.9%

JSON

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.

Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.

CPENameOperatorVersion
ms-n1004-uc_firmwareeq< 73.9.0.18-r2
ms-n1004-upc_firmwareeq< 73.9.0.18-r2
ms-n1008-uc_firmwareeq< 73.9.0.18-r2
ms-n1008-unc_firmwareeq< 73.9.0.18-r2
ms-n1008-unpc_firmwareeq< 73.9.0.18-r2
ms-n1008-upc_firmwareeq< 73.9.0.18-r2
ms-n5008-e_firmwareeq< 75.9.0.18-r2
ms-n5008-pe_firmwareeq< 75.9.0.18-r2
ms-n5008-uc_firmwareeq< 73.9.0.18-r2
ms-n5008-upc_firmwareeq< 73.9.0.18-r2

Name	Operator	Version
ms-n1004-uc_firmware	eq	< 73.9.0.18-r2
ms-n1004-upc_firmware	eq	< 73.9.0.18-r2
ms-n1008-uc_firmware	eq	< 73.9.0.18-r2
ms-n1008-unc_firmware	eq	< 73.9.0.18-r2
ms-n1008-unpc_firmware	eq	< 73.9.0.18-r2
ms-n1008-upc_firmware	eq	< 73.9.0.18-r2
ms-n5008-e_firmware	eq	< 75.9.0.18-r2
ms-n5008-pe_firmware	eq	< 75.9.0.18-r2
ms-n5008-uc_firmware	eq	< 73.9.0.18-r2
ms-n5008-upc_firmware	eq	< 73.9.0.18-r2