Redinent Researchers discovered a Denial of Service Vulnerability in Milesight IP Cameras and VMS.

The vulnerability exists due to improper input handling by the camera’s web management interface.

Timeline for coordinated disclosure (2022)

20th Feb – Vulnerability Discovered
9th March – Vulnerability Disclosed to CERT

2nd August – Response from CERT stating Milesight has asked about affected product and model details

12th September – Milesight confirms the vulnerability
16th September – CVE-2022-3001 published.

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3001

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0352

https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-3001&scoretype=cvssv3

Redinent customers using Milesight Video products are advised to contact their Redinent service partner to update their version of Redinent product and their firmware.