CVE-2023-30466 Information

Description

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG MS-Nxxxx-xxE MS-Nxxxx-xxT MS-Nxxxx-xxH and MS-Nxxxx-xxC) due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.

Successful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.

Reference

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121