MidnightBSD

Advisories for unimo

CVE-2022-35733

Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device web interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
unimo udr-ja1016_firmware *
unimo udr-ja1008_firmware *
unimo udr-ja1004_firmware *
CVE-2022-43464

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Products Affected

Vendor Product Version
unimo udr-ja1604_firmware *
unimo udr-ja1616_firmware *
unimo udr-ja1608_firmware *
CVE-2022-44606

OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Products Affected

Vendor Product Version
unimo udr-ja1604_firmware *
unimo udr-ja1616_firmware *
unimo udr-ja1608_firmware *
CVE-2022-44620

Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.

Products Affected

Vendor Product Version
unimo udr-ja1604_firmware *
unimo udr-ja1616_firmware *
unimo udr-ja1608_firmware *