Cp Uvr 1601E1 Hc Firmware
CVE-2023-3704
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.
Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device.
AnalysisAI
The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. Affected products include: Cpplusworld Cp-Uvr-1601E1-Hc Firmware, Cpplusworld Cp-Uvr-0401L1-4Kh Firmware, Cpplusworld Cp-Uvr-0401L1B-4Kh Firmware, Cpplusworld Cp-Uvr-0801F1-Hc Firmware, Cpplusworld Cp-Uvr-0801K1-H Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today