Redinent Researchers discovered a Denial of Service Vulnerability in Milesight IP Cameras and VMS.
The vulnerability exists due to improper input handling by the camera’s web management interface.
Timeline for coordinated disclosure (2022)
20th Feb – Vulnerability Discovered
9th March – Vulnerability Disclosed to CERT
2nd August – Response from CERT stating Milesight has asked about affected product and model details
12th September – Milesight confirms the vulnerability
16th September – CVE-2022-3001 published.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3001
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0352
https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-3001&scoretype=cvssv3
Redinent customers using Milesight Video products are advised to contact their Redinent service partner to update their version of Redinent product and their firmware.