A buffer overflow vulnerability found in the 7788 UDP port of some Uniview products.
CVSS v3 is adopted in this vulnerability scoring（http://www.first.org/cvss/specification-document）
Base score: 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H)
Temporal score: 7.7 (E:P/RL:O/RC:R)
To exploit this vulnerability, an attacker shall have access to 7788 UDP port of the device, otherwise the attack is impossible.
Please check if 7788 UDP port of the affected device is exposed directly to the Internet (WAN), which would give a potential attacker the ability to attack the device from the Internet.
For a device behind a router or a firewall, the router or the firewall will not map the vulnerable port (7788 UDP port) automatically or open it by default. So, so long as 7788 UDP port of the device is not mapped manually to the WAN, the device is not directly exposed to malicious attacks from the Internet.
Devices on the local area network (LAN) will not be directly attacked from the Internet.
Please configure your router or firewall to open a minimum set of ports to the internet (WAN) and keep only the necessary port mappings. Never set the device as the DMZ host or configure a full cone NAT.
Affected versions and fixed version:
|Affected Version||Fixed Version|
|QIPC-B918.104.22.168705 and earlier versions||QIPC-B922.214.171.124207 and later|
|QIPC-B8701.9.7.210705 and earlier versions||QIPC-B8701.10.7.211105 and later|
|IPC_Q6303-B0001P67D1907 and earlier versions||IPC_Q6303-B0001P68D1907 and later|
|QIPC-B6302.2.8.210907 and earlier versions||QIPC-B6302.2.10.211105 and later|
|QIPC-B6301.9.9.210828 and earlier versions||QIPC-B6301.9.11.211105 and later|
|QIPC-B2126.96.36.199928 and earlier versions||QIPC-B2188.8.131.52102 and later|
|QIPC-B2184.108.40.206827 and earlier versions||QIPC-B2220.127.116.11105 and later|
|QIPC-B118.104.22.168705 and earlier versions||QIPC-B122.214.171.124105 and later|
|QIPC-R1126.96.36.199705 and earlier versions||QIPC-R1188.8.131.52122 and later|
|QIPC-R1184.108.40.206705 and earlier versions||QIPC-R1220.127.116.11122 and later|
|QIPC-B118.104.22.168708 and earlier versions||QIPC-B122.214.171.124105 and later|
|QIPC-R1126.96.36.199705 and earlier versions||QIPC-R1188.8.131.52122 and later|
|HCMN-B2184.108.40.206705 and earlier versions||HCM-B2220.127.116.11105 and later|
|HCMN-R218.104.22.168705 and earlier versions||HCMN-R222.214.171.124122 and later|
|HCMN-R2126.96.36.199705 and earlier versions||HCMN-R2188.8.131.52122 and later|
|GIPC-B6184.108.40.206705 and earlier versions||GIPC-B6220.127.116.11122 and later|
|GIPC-B618.104.22.168705 and earlier versions||GIPC-B622.214.171.124122 and later|
|GIPC-B6126.96.36.199705 and earlier versions||GIPC-B6188.8.131.52122 and later|
|CIPC-B2302.3.35.210928 and earlier versions||CIPC-B2302.3.65.211102 and later|
|CIPC-B2301.5.35.210705 and earlier versions||CIPC-B2301.5.37.211122 and later|
|GIPC-B6184.108.40.206015 and earlier versions||GIPC-B6220.127.116.11028 and later|
|GIPC-B618.104.22.168924 and earlier versions||GIPC-B622.214.171.124028 and later|
|GIPC-B6126.96.36.199701 and earlier versions||GIPC-B6188.8.131.52118 and later|
|DIPC-B1184.108.40.206701 and earlier versions||DIPC-B1220.127.116.11118 and later|
|DIPC-B118.104.22.168922 and earlier versions||DIPC-B122.214.171.124118 and later|
|DIPC-B1126.96.36.199930 and earlier versions||DIPC-B1188.8.131.52210 and later|
|DIPC-B1184.108.40.206922 and earlier versions||DIPC-B1220.127.116.11208 and later|
|DIPC-B118.104.22.168103 and earlier versions||DIPC-B122.214.171.124210 and later|
|DIPC-B1126.96.36.199729 and earlier versions||DIPC-B1188.8.131.52210 and later|
|DIPC-B1184.108.40.206029 and earlier versions||DIPC-B1220.127.116.11209 and later|
|DIPC-B118.104.22.168021 and earlier versions||DIPC-B122.214.171.124210 and later|
|IPC_G6107-B0001P97D1806 and earlier versions||IPC_G6107-B0001P99D1806 and later|
|ANPR-B1126.96.36.199712 and earlier versions||ANPR-B1101.3.3.L01.211101 and later|
|QPTS-B2209.3.71.CLA002.210413 and earlier versions||QPTS-B2209.3.71.CLA005.211210 and later|
The attacker has access to 7788 udp port of the device.
Send a specially crafted message.
Obtaining fixed firmware：
Please use the repair versions for update. You may contact the distribution channel, Service Hotline or regional technical support for help.
Service Hotline/regional technical support:https://global.uniview.com/About_Us/Contact_Us/
Uniview products have the capability of cloud upgrade. Relevant repair versions can be obtained through cloud upgrade.
Source of vulnerability information:
Thank SSD Secure Disclosure for reporting this vulnerability.
Should you have any security issues or concerns with our products or solutions, please contact us at email@example.com.