Not SimonSSD provides vulnerability details and proof of concept for CVE-2023-0773 (9.1 critical, disclosed 11 September 2023 by Uniview) authentication bypass in IPC2322LB network camera. "If this is combined with a CLI escape, the Uniview deviceβs security can be completely compromised." π https://ssd-disclosure.com/ssd-advisory-uniview-ipc2322lb-auth-bypass-and-cli-escape/
H/T @buherator
SSD Advisory - Uniview IPC2322LB Auth Bypass and CLI escape - SSD Secure Disclosure
Summary The Uniview IPC2322LB processes authentication requests allows remote attackers to bypass the authentication process and gain unauthorized access. If this is combined with a CLI escape, the Uniview deviceβs security can be completely compromised. Credit Yoseop Kim working for SSD Labs Korea Vendor Response The vendor has released an advisory that addresses this issue: β¦ SSD Advisory β Uniview IPC2322LB Auth Bypass and CLI escape Read More Β»