Home Security Notice
Security Advisory - Access Control Vulnerability Exist in Certain Uniview IPC Products
2023-09-11

SA ID: USRC-202309-01

Vulnerability overview:

Some Uniview IPC products have access control vulnerabilities, where attackers may modify device user credentials by sending specifically crafted packets.

Risk assessment: The HTTP port does not automatically map to the Internet. If user does not configure the Internet router or other networking devices to map the HTTP port to the Internet, attackers cannot directly attack through the Internet, and devices on the Local Area Network (LAN) or private network will not be directly targeted by malicious attacks from Internet attackers.

CVE ID CVE-2023-0773

Vulnerability score:

CVSS v3 is adopted in this vulnerability scoring (http://www.first.org/cvss/specification-document)

Base score: 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

Temporal score: 7.9 (E:P/RL:O/RC:R)

Affected versions and fixed versions:

Affected Version

Fixed Version

CIPC-B2303.2.8.230105 and earlier

CIPC-B2303.3.3.230322 and later

DIPC-B1213.6.5.230215 and earlier

DIPC-B1213.7.2.230315 and later

DIPC-B1216.5.7.230109 and earlier

DIPC-B1216.6.2.230315 and later

DIPC-B1221.3.5.221202 and earlier

DIPC-B1221.5.2.230315 and later

DIPC-B1222.3.8.230223 and earlier

DIPC-B1222.5.2.230309 and later

DIPC-B1225.3.3.221123 and earlier

DIPC-B1225.5.2.230315 and later

DIPC-B1226.3.6.230105 and earlier

DIPC-B1226.5.2.230315 and later

DIPC-B1219.2.67.221019 and earlier

DIPC-B1219.2.71.230221 and later

DIPC-B1223.3.3.221123 and earlier

DIPC-B1223.5.3.230324 and later

DIPC-B1228.2.65.230207 and earlier

DIPC-B1228.5.3.230324 and later

DIPC-B1229.1.67.230104 and earlier

DIPC-B1229.1.69.230515 and later

Obtaining fixed version:

Please obtain the fixed version and upgrade. You may contact your local dealer, Uniview service hotline, or regional technical support for assistance.

Products with cloud upgrade capabilities can obtain the fixed version through cloud upgrade.

Source of vulnerability information:

Thanks to Indian Computer Emergency Response Team for reporting these vulnerabilities.

Contact us:

If you have any security issues or concerns regarding our products or solutions, please contact us at security@uniview.com

Back