Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device web interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unimo | udr-ja1016_firmware | * |
| unimo | udr-ja1008_firmware | * |
| unimo | udr-ja1004_firmware | * |
Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unimo | udr-ja1604_firmware | * |
| unimo | udr-ja1616_firmware | * |
| unimo | udr-ja1608_firmware | * |
OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unimo | udr-ja1604_firmware | * |
| unimo | udr-ja1616_firmware | * |
| unimo | udr-ja1608_firmware | * |
Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| unimo | udr-ja1604_firmware | * |
| unimo | udr-ja1616_firmware | * |
| unimo | udr-ja1608_firmware | * |