A buffer overflow vulnerability found in the 7788 UDP port of some Uniview products.
CVSS v3 is adopted in this vulnerability scoring（http://www.first.org/cvss/specification-document）
Base score: 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H)
Temporal score: 7.7 (E:P/RL:O/RC:R)
To exploit this vulnerability, an attacker shall have access to 7788 UDP port of the device, otherwise the attack is impossible.
Please check if 7788 UDP port of the affected device is exposed directly to the Internet (WAN), which would give a potential attacker the ability to attack the device from the Internet.
For a device behind a router or a firewall, the router or the firewall will not map the vulnerable port (7788 UDP port) automatically or open it by default. So, so long as 7788 UDP port of the device is not mapped manually to the WAN, the device is not directly exposed to malicious attacks from the Internet.
Devices on the local area network (LAN) will not be directly attacked from the Internet.
Please configure your router or firewall to open a minimum set of ports to the internet (WAN) and keep only the necessary port mappings. Never set the device as the DMZ host or configure a full cone NAT.
Affected versions and fixed version:
|Affected Version||Fixed Version|
|QIPC-B922.214.171.124705 and earlier versions||QIPC-B9126.96.36.199207 and later|
|QIPC-B8701.9.7.210705 and earlier versions||QIPC-B8701.10.7.211105 and later|
|IPC_Q6303-B0001P67D1907 and earlier versions||IPC_Q6303-B0001P68D1907 and later|
|QIPC-B6302.2.8.210907 and earlier versions||QIPC-B6302.2.10.211105 and later|
|QIPC-B6301.9.9.210828 and earlier versions||QIPC-B6301.9.11.211105 and later|
|QIPC-B2188.8.131.52928 and earlier versions||QIPC-B2184.108.40.206102 and later|
|QIPC-B2220.127.116.11827 and earlier versions||QIPC-B218.104.22.168105 and later|
|QIPC-B122.214.171.124705 and earlier versions||QIPC-B1126.96.36.199105 and later|
|QIPC-R1188.8.131.52705 and earlier versions||QIPC-R1184.108.40.206122 and later|
|QIPC-R1220.127.116.11705 and earlier versions||QIPC-R118.104.22.168122 and later|
|QIPC-B122.214.171.124708 and earlier versions||QIPC-B1126.96.36.199105 and later|
|QIPC-R1188.8.131.52705 and earlier versions||QIPC-R1184.108.40.206122 and later|
|HCMN-B2220.127.116.11705 and earlier versions||HCM-B218.104.22.168105 and later|
|HCMN-R222.214.171.124705 and earlier versions||HCMN-R2126.96.36.199122 and later|
|HCMN-R2188.8.131.52705 and earlier versions||HCMN-R2184.108.40.206122 and later|
|GIPC-B6220.127.116.11705 and earlier versions||GIPC-B618.104.22.168122 and later|
|GIPC-B622.214.171.124705 and earlier versions||GIPC-B6126.96.36.199122 and later|
|GIPC-B6188.8.131.52705 and earlier versions||GIPC-B6184.108.40.206122 and later|
|CIPC-B2302.3.35.210928 and earlier versions||CIPC-B2302.3.65.211102 and later|
|CIPC-B2301.5.35.210705 and earlier versions||CIPC-B2301.5.37.211122 and later|
|GIPC-B6220.127.116.11015 and earlier versions||GIPC-B618.104.22.168028 and later|
|GIPC-B622.214.171.124924 and earlier versions||GIPC-B6126.96.36.199028 and later|
|GIPC-B6188.8.131.52701 and earlier versions||GIPC-B6184.108.40.206118 and later|
|DIPC-B1220.127.116.11701 and earlier versions||DIPC-B118.104.22.168118 and later|
|DIPC-B122.214.171.124922 and earlier versions||DIPC-B1126.96.36.199118 and later|
|DIPC-B1188.8.131.52930 and earlier versions||DIPC-B1184.108.40.206210 and later|
|DIPC-B1220.127.116.11922 and earlier versions||DIPC-B118.104.22.168208 and later|
|DIPC-B122.214.171.124103 and earlier versions||DIPC-B1126.96.36.199210 and later|
|DIPC-B1188.8.131.52729 and earlier versions||DIPC-B1184.108.40.206210 and later|
|DIPC-B1220.127.116.11029 and earlier versions||DIPC-B118.104.22.168209 and later|
|DIPC-B122.214.171.124021 and earlier versions||DIPC-B1126.96.36.199210 and later|
|IPC_G6107-B0001P97D1806 and earlier versions||IPC_G6107-B0001P99D1806 and later|
|ANPR-B1188.8.131.52712 and earlier versions||ANPR-B1101.3.3.L01.211101 and later|
|QPTS-B2209.3.71.CLA002.210413 and earlier versions||QPTS-B2209.3.71.CLA005.211210 and later|
The attacker has access to 7788 udp port of the device.
Send a specially crafted message.
Obtaining fixed firmware：
Please use the repair versions for update. You may contact the distribution channel, Service Hotline or regional technical support for help.
Service Hotline/regional technical support:https://global.uniview.com/About_Us/Contact_Us/
Uniview products have the capability of cloud upgrade. Relevant repair versions can be obtained through cloud upgrade.
Source of vulnerability information:
Thank SSD Secure Disclosure for reporting this vulnerability.
Should you have any security issues or concerns with our products or solutions, please contact us at email@example.com.