CVE-2023-48121 - OpenCVE

An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ezviz	Cs-c3n-a0-3h2wfrl Cs-c3n-a0-3h2wfrl Firmware Cs-c6cn-a0-3h2wfr Cs-c6cn-a0-3h2wfr Firmware Cs-c6n-a0-1c2wfr Cs-c6n-a0-1c2wfr Firmware Cs-cv310-a0-1c2wfr Cs-cv310-a0-1c2wfr Firmware

Configuration 1 [-]

AND

cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*

cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*

cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:ezviz:cs-c6cn-a0-3h2wfr:-:*:*:*:*:*:*:*

cpe:2.3:o:ezviz:cs-c6cn-a0-3h2wfr_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:ezviz:cs-c3n-a0-3h2wfrl:-:*:*:*:*:*:*:*

cpe:2.3:o:ezviz:cs-c3n-a0-3h2wfrl_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://joerngermany.github.io/ezviz_vulnerability/
https://www.ezviz.com/data-security/security-notice/detail/911
https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-28T00:00:00

Updated: 2024-08-02T21:23:38.779Z

Reserved: 2023-11-13T00:00:00

Link: CVE-2023-48121

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-28T19:15:07.340

Modified: 2024-01-09T14:15:46.100

Link: CVE-2023-48121

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F7B9244-BE9E-4F6F-99E3-A08B46C4559E", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4E67D11-B412-4EBB-BF79-EAE8BE4721C2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9181568-193B-4BF7-9A11-B7A031065934", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "748FC543-B134-4B4D-B4D2-E14060C1A64B", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c6cn-a0-3h2wfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "733F085E-29B9-44C6-834F-9B13B95AECDB", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c6cn-a0-3h2wfr_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "06E27881-67A5-4AA3-A6A3-D533BC51BD66", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c3n-a0-3h2wfrl:-:*:*:*:*:*:*:*", "matchCriteriaId": "264CF01C-CF57-457B-8433-B2CFD6CF25DF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c3n-a0-3h2wfrl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9288594-76DC-4212-91AE-6A59F1F10310", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Direct Connection Module en Ezviz CS-C6N-xxx anterior a v5.3.x compilaci\u00f3n 20230401, Ezviz CS-CV310-xxx anterior a v5.3.x compilaci\u00f3n 20230401, Ezviz CS-C6CN-xxx anterior a v5.3.x compilaci\u00f3n 20230401, Ezviz CS-C3N-xxx anterior a v5.3.x compilaci\u00f3n 20230401 permite a atacantes remotos obtener informaci\u00f3n confidencial enviando mensajes manipulados a los dispositivos afectados."}], "id": "CVE-2023-48121", "lastModified": "2024-01-09T14:15:46.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-28T19:15:07.340", "references": [{"source": "cve@mitre.org", "url": "https://joerngermany.github.io/ezviz_vulnerability/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.ezviz.com/data-security/security-notice/detail/911"}, {"source": "cve@mitre.org", "url": "https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}