CVE-2023-0773 allows remote attackers to gain unauthorized access to the Uniview IP Camera. High severity with a CVSSv3.1 score of 9.1. Mitigation steps provided.
CVE-2023-0773 was assigned by CERT-In on February 10, 2023, and was published on September 19, 2023. The vulnerability affects the Uniview IP Camera.
Understanding CVE-2023-0773
CVE-2023-0773 is an unauthorized access vulnerability in the Uniview IP Camera. It allows remote attackers to exploit an identification and authentication failure in the camera's web-based management interface.
What is CVE-2023-0773?
The vulnerability in the Uniview IP Camera stems from a flaw in its web-based management interface, to which attackers can send specially crafted HTTP requests. Successful exploitation can give the attacker complete control of the targeted device.
The Impact of CVE-2023-0773
The impact of CVE-2023-0773 is categorized under CAPEC-22, "Exploiting Trust in Client." With a CVSSv3.1 base score of 9.1 (Critical), the vulnerability poses a high availability impact and high confidentiality impact. It requires no privileges and has a low attack complexity.
Technical Details of CVE-2023-0773
The vulnerability falls under CWE-287, "Improper Authentication," and affects certain versions of the Uniview IP Camera, listed below.
Vulnerability Description
The flaw allows attackers to bypass authentication in the web interface, gaining unauthorized access to the IP Camera's functionalities and data.
Affected Systems and Versions
The affected product is the Uniview IP Camera IPC322LB-SF28-A. Specific custom versions like CIPC-B2303.X.X.XXXXXX, DIPC-B1213.X.X.XXXXXX, DIPC-B1216.X.X.XXXXXX, and others are impacted.
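To triage an asset inventory against the model and firmware families named above, the following added example (not vendor or CERT-In code) classifies each device. It assumes a CSV with `host`, `model` and `firmware` columns and that each "X" in the version pattern is a placeholder for build-specific characters; the sample rows are constructed.

```python
import csv
import io
import re

# Affected model and firmware families as listed in this advisory text.
AFFECTED_MODEL = "IPC322LB-SF28-A"
LISTED_FAMILIES = ("CIPC-B2303", "DIPC-B1213", "DIPC-B1216")

# Assumption: each "X" in "<family>.X.X.XXXXXX" stands for one or more
# alphanumeric characters in the build-specific part of the version.
VERSION_RE = re.compile(r"^(?P<family>[A-Z]+-[A-Z]\d+)\.\w+\.\w+\.\w+$")


def classify(model: str, firmware: str) -> str:
    """Return 'affected', 'review' or 'not-listed' for one inventory row."""
    if model.strip().upper() != AFFECTED_MODEL:
        return "not-listed"  # model not named in this advisory text
    m = VERSION_RE.match(firmware.strip().upper())
    if m and m.group("family") in LISTED_FAMILIES:
        return "affected"
    # The advisory says "and others", so the family list is incomplete:
    # an affected model with an unlisted or unparseable version needs a
    # manual check against the vendor advisory, not a clean result.
    return "review"


def triage(inventory_csv: str) -> dict:
    """Map each host in a CSV (columns: host, model, firmware) to a status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["model"], row["firmware"]) for row in reader}


# Constructed sample inventory; hosts and version digits are made up.
SAMPLE = """host,model,firmware
cam-lobby,IPC322LB-SF28-A,DIPC-B1216.5.7.210101
cam-dock,IPC322LB-SF28-A,QIPC-B9999.1.2.220202
cam-gate,ipc322lb-sf28-a,CIPC-B2303.3.5.200915
cam-roof,IPC000-EXAMPLE,DIPC-B1213.1.1.190101
cam-lab,IPC322LB-SF28-A,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```

A `review` result means the device is the named model but its firmware is not in the families this page lists, so it should be checked against the vendor advisory.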
Exploitation Mechanism
Remote attackers exploit this vulnerability by sending malicious HTTP requests to the vulnerable Uniview IP Camera, ultimately gaining control over the device.
Mitigation and Prevention
To address CVE-2023-0773 and enhance security, consider the following mitigation steps and long-term practices.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
Refer to the vendor's advisory and follow the provided solutions from Uniview to patch the vulnerability effectively.