Security Notice
Security Notice – Buffer Overflow Vulnerability

SA ID:USRC-202112-01
First Published:2021-12-22
A buffer overflow vulnerability found in the 7788 UDP port of some Uniview products.
CVE ID:CVE-2021-45039
CVSS v3 is adopted in this vulnerability scoring(http://www.first.org/cvss/specification-document)
Base score: 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H)
Temporal score: 7.7 (E:P/RL:O/RC:R)
Risks Evaluated:
To exploit this vulnerability, an attacker shall have access to 7788 UDP port of the device, otherwise the attack is impossible.
Please check if 7788 UDP port of the affected device is exposed directly to the Internet (WAN), which would give a potential attacker the ability to attack the device from the Internet.
For a device behind a router or a firewall, the router or the firewall will not map the vulnerable port (7788 UDP port) automatically or open it by default. So, so long as 7788 UDP port of the device is not mapped manually to the WAN, the device is not directly exposed to malicious attacks from the Internet.
Devices on the local area network (LAN) will not be directly attacked from the Internet.
Please configure your router or firewall to open a minimum set of ports to the internet (WAN) and keep only the necessary port mappings. Never set the device as the DMZ host or configure a full cone NAT.

Affected versions and fixed version:

Affected Version Fixed Version
QIPC-B9101.6.7.210705 and earlier versionsQIPC-B9101.7.8.211207 and later
QIPC-B8701.9.7.210705 and earlier versionsQIPC-B8701.10.7.211105 and later
IPC_Q6303-B0001P67D1907 and earlier versionsIPC_Q6303-B0001P68D1907 and later
QIPC-B6302.2.8.210907 and earlier versionsQIPC-B6302.2.10.211105 and later
QIPC-B6301.9.9.210828 and earlier versionsQIPC-B6301.9.11.211105 and later
QIPC-B2202.3.35.210928 and earlier versionsQIPC-B2202.3.65.211102 and later
QIPC-B2201.9.12.210827 and earlier versionsQIPC-B2201.10.7.211105 and later
QIPC-B1208.7.7.210705 and earlier versionsQIPC-B1208.8.7.211105 and later
QIPC-R1207.8.35.210705 and earlier versionsQIPC-R1207.8.37.211122 and later
QIPC-R1206.9.32.210705 and earlier versionsQIPC-R1206.9.36.211122 and later
QIPC-B1203.16.7.210708 and earlier versionsQIPC-B1203.16.8.211105 and later
QIPC-R1201.30.36.210705 and earlier versionsQIPC-R1201.30.38.211122 and later
HCMN-B2201.6.7.210705 and earlier versionsHCM-B2201.7.7.211105 and later
HCMN-R2108.13.35.210705 and earlier versionsHCMN-R2108.13.37.211122 and later
HCMN-R2103.28.36.210705 and earlier versionsHCMN-R2103.28.38.211122 and later
GIPC-B6106.8.40.210705 and earlier versionsGIPC-B6106.8.42.211122 and later
GIPC-B6103.16.35.210705 and earlier versionsGIPC-B6103.16.37.211122 and later
GIPC-B6102.26.39.210705 and earlier versionsGIPC-B6102.26.41.211122 and later
CIPC-B2302.3.35.210928 and earlier versionsCIPC-B2302.3.65.211102 and later
CIPC-B2301.5.35.210705 and earlier versionsCIPC-B2301.5.37.211122 and later
GIPC-B6202.5.38.211015 and earlier versionsGIPC-B6202.5.65.211028 and later
GIPC-B6203.3.33.210924 and earlier versionsGIPC-B6203.3.65.211028 and later
GIPC-B6110.5.6.210701 and earlier versionsGIPC-B6110.5.10.211118 and later
DIPC-B1209.6.6.210701 and earlier versionsDIPC-B1209.6.10.211118 and later
DIPC-B1211.6.12.210922 and earlier versionsDIPC-B1211.6.15.211118 and later
DIPC-B1213.2.62.210930 and earlier versionsDIPC-B1213.2.66.211210 and later
DIPC-B1216.2.60.210922 and earlier versionsDIPC-B1216.2.63.211208 and later
DIPC-B1221.1.69.211103 and earlier versionsDIPC-B1221.1.72.211210 and later
DIPC-B1222.1.62.210729 and earlier versionsDIPC-B1222.1.66.211210 and later
DIPC-B1223.1.72.211029 and earlier versionsDIPC-B1223.1.78.211209 and later
DIPC-B1225.1.63.211021 and earlier versionsDIPC-B1225.1.67.211210 and later
IPC_G6107-B0001P97D1806 and earlier versionsIPC_G6107-B0001P99D1806 and later
ANPR-B1101.3.3.210712 and earlier versionsANPR-B1101.3.3.L01.211101 and later
QPTS-B2209.3.71.CLA002.210413 and earlier versionsQPTS-B2209.3.71.CLA005.211210 and later

The attacker has access to 7788 udp port of the device.

Attack step:
Send a specially crafted message.

Obtaining fixed firmware:
Please use the repair versions for update. You may contact the distribution channel, Service Hotline or regional technical support for help.
Service Hotline/regional technical support:https://global.uniview.com/About_Us/Contact_Us/
Uniview products have the capability of cloud upgrade. Relevant repair versions can be obtained through cloud upgrade.

Source of vulnerability information:
Thank SSD Secure Disclosure for reporting this vulnerability.

Contact Us:
Should you have any security issues or concerns with our products or solutions, please contact us at security@uniview.com.