#VU81992 Improper access control in Hikvision products - CVE-2023-28810
Published: October 13, 2023
Vulnerability identifier: #VU81992
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-28810
CWE-ID: CWE-284
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
DS-K1T804AEF
DS-K1T804AF
DS-K1T804AMF
DS-K1T341AM
DS-K1T341AMF
DS-K1T671M
DS-K1T671MF
DS-K1T671TM-3XF
DS-K1T671TMFW
DS-K1T671TMW
DS-K1T343EFWX
DS-K1T343EFX
DS-K1T343EWX
DS-K1T343EX
DS-K1T343MFWX
DS-K1T343MFX
DS-K1T343MWX
DS-K1T343MX
DS-K1T341C
DS-K1T320EFWX
DS-K1T320EFX
DS-K1T320EWX
DS-K1T320EX
DS-K1T320MFWX
DS-K1T320MFX
DS-K1T320MWX
DS-K1T320MX
DS-KH63 Series
DS-KH85 Series
DS-KH62 Series
DS-KH9310-WTE1(B)
DS-KH9510-WTE1(B)
DS-K1T804AEF
DS-K1T804AF
DS-K1T804AMF
DS-K1T341AM
DS-K1T341AMF
DS-K1T671M
DS-K1T671MF
DS-K1T671TM-3XF
DS-K1T671TMFW
DS-K1T671TMW
DS-K1T343EFWX
DS-K1T343EFX
DS-K1T343EWX
DS-K1T343EX
DS-K1T343MFWX
DS-K1T343MFX
DS-K1T343MWX
DS-K1T343MX
DS-K1T341C
DS-K1T320EFWX
DS-K1T320EFX
DS-K1T320EWX
DS-K1T320EX
DS-K1T320MFWX
DS-K1T320MFX
DS-K1T320MWX
DS-K1T320MX
DS-KH63 Series
DS-KH85 Series
DS-KH62 Series
DS-KH9310-WTE1(B)
DS-KH9510-WTE1(B)
Software vendor:
Hikvision
Hikvision
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker on the local network can send specially crafted data packets to the vulnerable interface and modify device network configuration.
Remediation
Install updates from vendor's website.