Security Notice - Uniview - Leader of AIoT Solution

English

Products

IP Camera

Products from the Easy series are the most popular choices for entry-level applications such as residential and small retail stores.

Incredibly, you can always find the ideal product in the Prime range, which has even more advanced features to achieve excellent performance.

The Pro series are born with excellent ultra-smart technology, to deliver superior users experience.

Analog Camera

ColorHunter available, surprisingly affordable.

Colorful image, high quality audio and metal casing design.

PTZ Camera

Products from the Easy series are the most popular choices for entry-level applications such as residential and small retail stores.

Prime series PTZ cameras are equipped with LightHunter technology for bright and clear image in the ultra-low environment.

Pro series PTZ cameras are equipped with professional features for vertical market, such as 45x optical zoom, gyroscope, optical defog and so on.

Positioning System

Perfect choice for monitoring large open areas such as border security, harbor, and city monitoring project.

Thermal Camera

Widely used in perimeter security and over-heating detection.

Network Video Recorder

Excellent in input and video storage of several IP cameras. The friendly design of device enclosure and software GUI help operator to achieve a better experience.

Equipped with many practical functions and powerful decoding ability. Fits well with projects, empowers the SMB market.

With large enough capacity, stability and expansibility, Pro Series provides the highest level of performance for vertical market.

Digital Video Recorder

Digital Video Recorder

Access Control

Access Controllers

Speed Gates and Turnstiles

Video Intercoms

Indoor Stations

Video Intercom Kits

Transmission

Display & Control

Industrial-grade LCD panel ensures excellent image quality.

Commercial grade display brings immersive experience.

The ultimate in pixel-level presentation.

Smart Interactive Display

Interactive display for smart office and tutoring.

Storage & Calculation

General Calculation

Desktop Storage

Intelligent Computing

Intelligent edge computing server

VMS

Client Software

Accessories

Energy Storage System

Portable Power Station

Residential Energy Storage System

Uniarch

Security camera system

Security in a simple way.

Video conference devices

Bring meetings alive.

Dedicated Products

Solutions

Solutions by Industry

Industrial Park

Solutions by Function

Smart intrusion prevention

Support

Download Center

Datasheet

Network Camera Analog Camera NVR Access Control Video Intercoms Transmission Storage IP-Kit Accessories Client Software VMS Intelligent Computing Energy Storage System Flash media

Product Installation

Quick Guide User Manual Suppliers Declaration of Conformity Other

Brochures

Product Leaflet & Fold

Maintenance Tools

How To

How To Videos

FAQ

Academy

Training and Certification

Featured Function

RMA

Anti-Counterfeiting Query

Request for Repair

Warranty Inquiry

Cybersecurity

Security Notice

Vulnerability Response Process

Vulnerability report

Uniview Security Lab

Service Hotline

Product Licensing

Register the First Time

Register Upgrade Licenses

Product Licensing

Partner

Partner Program

Dealer Partner Program

Uniview Dealer Program provide exclusive intimate services for our dealer partners who mainly focus on distribution and reselling businesses.

Solution Partner Program

With Uniview Solutions Partner Program, we enable growth and build relationships while providing a comprehensive solution for clients.

Technology Partner

Technology Partner is the industry leaders that Uniview cooperated with. We support integration with third-party partners to meet users' needs for integration.

Find our partners

Channel Partner

Technology Partners

Partner Stories

About Us

Contact Us

X

Global

Global - English

Asia

Thailand - ประเทศไทย Vietnam - Tiếng Việt Korea - 한국어 Japan - 日本語 Indonesia - Bahasa China - 简体中文

Europe

Germany - Deutsch Italy - Italiano Spain - Español France - Français Poland - Polski Portugal - Português Eurasia Region - Русский

Middle East

Arabic - العربية Turkey - Türkçe

America

United States - English Canada - English Brazil - Português Latin America - Español

Can't find your country? Visit our global site in English.

Products

IP Camera

Analog Camera

PTZ Camera

Positioning System

Thermal Camera

Network Video Recorder

Network Video Recorder

Digital Video Recorder

Digital Video Recorder

Digital Video Recorder

Access Control

Access Controllers

Speed Gates and Turnstiles

Video Intercoms

Video Intercoms

Indoor Stations

Video Intercom Kits

Transmission

Display & Control

Storage & Calculation

Storage & Calculation

General Calculation

Desktop Storage

Intelligent Computing

Intelligent Computing

VMS

Client Software

Client Software

Accessories

Energy Storage System

Energy Storage System

Portable Power Station

Residential Energy Storage System

Dedicated Products

Solutions

Solutions by Industry

Solutions by Industry

Industrial Park

Solutions by Function

Solutions by Function

Smart intrusion prevention

Support

Download Center

Download Center

Product Installation

Maintenance Tools

Cybersecurity

Security Notice

Vulnerability Response Process

Vulnerability report

Uniview Security Lab

Service Hotline

Product Licensing

Partner

Find our partners

Partner Program

Partner Program

Dealer Partner Program

Solution Partner Program

Technology Partner

About Us

GLOBAL / ENGLISH

GLOBAL / ENGLISH

Global

Global - English

Asia

China - 简体中文

Indonesia - Bahasa

Japan - 日本語

Korea - 한국어

Vietnam - Tiếng Việt

Thailand - ประเทศไทย

Europe

Portugal - Português

Poland - Polski

France - Français

Spain - Español

Italy - Italiano

Germany - Deutsch

Eurasia Region - Русский

Middle East

Turkey - Türkçe

Arabic - العربية

America

Latin America - Español

Brazil - Português

United States - English

Canada - English

Home

Security Notice

Security Notice -Reflected Cross-Site Scripting (XSS) Vulnerability in Some Uniview NVR Products

2024-06-14

SA ID：USRC-202406-01

First Published：2024-06-14

Summary：

Reflected Cross-Site Scripting (XSS) vulnerability found in some Uniview NVR products. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser.

This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained.

We advise against using port forwarding and disable UPnP to avoid attacks from the Internet.

CVE ID： CVE-2024-3850

Scoring：

CVSS v3 is adopted in this vulnerability scoring（http://www.first.org/cvss/specification-document）

Base score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected versions and fixed version:

Product Models

Affected Version

Fixed Version

NVR301-04S3

NVR301-08S3

NVR301-16S3

NVR301-04LS2

NVR301-08LS2

NVR301-04LS3-P4

NVR301-04S3-P4

NVR301-08S3-P8

NVR301-08LS3-P8

NVR301-16LS3-P8

NVR-B3610.32.20.231219

and earlier

NVR-B3610.33.27.240523 and later

NVR301-04S2-P4

NVR-B3801.20.15.200829

and earlier

NVR-B3801.20.17.240507

and later

Obtaining fixed firmware：

Please use the repair versions for update. You may contact the distribution channel, Service Hotline or regional technical support for help.

Service Hotline/regional technical support: https://global.uniview.com/About_Us/Contact_Us/

Some Uniview products have the capability of cloud upgrade. Relevant repair versions can be obtained through cloud upgrade.

Source of vulnerability information:

Thank CISA for reporting this vulnerability.

Contact Us:

Should you have any security issues or concerns with our products or solutions, please contact us at security@uniview.com.