Uniview Product Security Update Advisory (CVE-2024-0778)

Overview

 

An update has been made available to address a vulnerability in a Uniview product. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

Uniview ISC 2500-S versions up to 20210930

 

Resolved Vulnerabilities

 

OS command injection vulnerability via manipulation of the natAddress/natPort/natServerPort arguments of the setNatConfig function in the /Interface/DevManage/VM.php file in Uniview ISC 2500-S (CVE-2024-0778)

 

Vulnerability Patches

 

No patched version is available (the vulnerability affects only products that are no longer supported).
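
With no fixed version to install, the three affected arguments can be constrained before a request reaches the device, for example in a filtering reverse proxy. The following Python allow-list check is an added example, not Uniview code: it assumes the arguments arrive form-encoded and that natAddress is an IPv4 address or DNS hostname, and the request bodies in it are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qsl

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}\Z){LABEL}(?:\.{LABEL})*")
PORT_FIELDS = {"natPort", "natServerPort"}  # argument names from the advisory


def valid_address(value):
    """IPv4 literal or DNS hostname only (leaving out IPv6 is an assumption)."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        pass
    # A numeric last label means a malformed dotted quad, not a hostname.
    last_label = value.rsplit(".", 1)[-1]
    return bool(HOSTNAME_RE.fullmatch(value)) and not last_label.isdigit()


def valid_port(value):
    """ASCII decimal digits only, in the range 1-65535."""
    if not (value.isascii() and value.isdigit() and len(value) <= 5):
        return False
    return 1 <= int(value) <= 65535


def check_nat_params(body):
    """Return (field, decoded value) for each NAT field failing the allow-list."""
    rejected = []
    # Values are percent-decoded first, and every occurrence is checked,
    # so neither encoding nor a duplicated parameter hides a bad value.
    for key, value in parse_qsl(body, keep_blank_values=True, separator="&"):
        if key == "natAddress" and not valid_address(value):
            rejected.append((key, value))
        elif key in PORT_FIELDS and not valid_port(value):
            rejected.append((key, value))
    return rejected


if __name__ == "__main__":
    # Constructed request bodies, not captured traffic.
    for body in (
        "natAddress=192.0.2.10&natPort=8080&natServerPort=443",
        "natAddress=192.0.2.10%3Becho+x&natPort=8080&natServerPort=443",
    ):
        print(check_nat_params(body))
```

A request is forwarded only when `check_nat_params` returns an empty list; anything else is dropped and logged.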

 

Referenced Sites

 

[1] CVE-2024-0778 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-0778
[2] uniview isc 2500-s up to 20210930 vm.php setnatconfig nataddress/natport/natserverport os command injection
https://vuldb.com/?id.251696
[3] ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which…
https://github.com/advisories/GHSA-82vc-jg89-jq37