Vulnerability Details CVE-2022-47070
NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.2%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/Sylon001/NVS-365-Camera/tree/master/NVS365%20Network%20Video%20Server%20Password%20Information%20Unauthorized%20Access%20Vulnerability
- https://github.com/Sylon001/NVS365/tree/main/NVS-365-V01%E6%91%84%E5%83%8F%E5%A4%B4%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E5%AF%86%E7%A0%81
- https://github.com/Sylon001/NVS-365-Camera/tree/master/NVS365%20Network%20Video%20Server%20Password%20Information%20Unauthorized%20Access%20Vulnerability
- https://github.com/Sylon001/NVS365/tree/main/NVS-365-V01%E6%91%84%E5%83%8F%E5%A4%B4%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E5%AF%86%E7%A0%81
Products affected by CVE-2022-47070
-
cpe:2.3:h:nvs365:nvs-365-v01:-
-
cpe:2.3:o:nvs365:nvs-365-v01_firmware:-