Critical Vulnerability – Uniview Camera
SEVERITY: CRITICAL
Redinent Researchers discovered Authentication Bypass Vulnerability in Uniview Cameras.
Technical Details: The vulnerability exists in Uniview Cameras due to a weak password reset mechanism at the web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.
The weak password reset mechanism involves insecure restrictions on password reset form that can be modified by the attacker using a crafted in-browser code manipulation.
Affected Versions
Product Name Affected Versions
https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm
Uniview has released a version to fix the vulnerability.
CVE ID: CVE-2023-0773
Uniview Advisory: https://global.uniview.com/About_Us/Security/Notice/202309/976482_140493_0.htm
The coordinated disclosure timeline:
- December 20 2022 – Vulnerability discovered by Redinent researchers.
- December 29 2022 – Vulnerability reported by Redinent to CERT India.
- September 18 2023 – CVE assigned. OEM releases global advisory.
