Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01 | Third Party Advisory US Government Resource |
https://github.com/r3naissance/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3850.yaml | |
https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 09:30
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01 - Third Party Advisory, US Government Resource |
12 Jun 2024, 18:12
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
First Time |
Uniview nvr301-04s2-p4 Firmware
Uniview nvr301-04s2-p4 Uniview |
|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:o:uniview:nvr301-04s2-p4_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:uniview:nvr301-04s2-p4:-:*:*:*:*:*:*:* |
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-10 17:16
Updated : 2024-11-21 09:30
NVD link : CVE-2024-3850
Mitre link : CVE-2024-3850
CVE.ORG link : CVE-2024-3850
JSON object : View
Products Affected
uniview
- nvr301-04s2-p4
- nvr301-04s2-p4_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')