CVE-2023-30467 Information

Description

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG MS-Nxxxx-xxE MS-Nxxxx-xxT MS-Nxxxx-xxH and MS-Nxxxx-xxC) due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.

Successful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.

Reference

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0121