CVE-2022-3001

HIGH

Milesight Video Management Systems Firmware < 40.7.0.79 - Denial of Service via Crafted HTTP Request

Title source: llm

Description

This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted network camera. Successful exploitation of this vulnerability could allow the attacker to cause a Denial of Service condition on the targeted device.

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2022-0352

Scores

CVSS v3 7.5

EPSS 0.0117

EPSS Percentile 63.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (2)

milesight/video_management_systems_firmware 40.7.0.79

milesight/video_management_systems_firmware < 40.7.0.79

Published Sep 15, 2022

Tracked Since Feb 18, 2026