Lucene search

[email protected]CVE-2023-28810

HistoryJun 15, 2023 - 10:15 p.m.

CVE-2023-28810

2023-06-1522:15:09

CWE-284

[email protected]

web.nvd.nist.gov

access control

intercom

unauthorized modification

device network configuration

vulnerabilities

data packets

local network

cve-2023-28810

nvd

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.

Affected configurations

NVD

Node

hikvisionds-k1t804af_firmwareRange≤1.4.0_build221212

AND

hikvisionds-k1t804afMatch-

Node

hikvisionds-k1t804amf_firmwareRange≤1.4.0_build221212

AND

hikvisionds-k1t804amfMatch-

Node

hikvisionds-k1t341am_firmwareRange≤3.2.30_build221223

AND

hikvisionds-k1t341amMatch-

Node

hikvisionds-k1t341amf_firmwareRange≤3.2.30_build221223

AND

hikvisionds-k1t341amfMatch-

Node

hikvisionds-k1t671m_firmwareRange≤3.2.30_build221223

AND

hikvisionds-k1t671mMatch-

Node

hikvisionds-k1t671mf_firmwareRange≤3.2.30_build221223

AND

hikvisionds-k1t671mfMatch-

Node

hikvisionds-k1t671_firmwareRange≤3.2.30_build221223

AND

hikvisionds-k1t671Match-

Node

hikvisionds-k1t343efwx_firmwareRange≤3.14.0_build230117

AND

hikvisionds-k1t343efwxMatch-

Node

hikvisionds-k1t343efx_firmwareRange≤3.14.0_build230117

AND

hikvisionds-k1t343efxMatch-

Node

hikvisionds-k1t343ewx_firmwareRange≤3.14.0_build230117

AND

hikvisionds-k1t343ewxMatch-

Node

hikvisionds-k1t343ex_firmwareRange≤3.14.0_build230117

AND

hikvisionds-k1t343exMatch-

Node

hikvisionds-k1t343mfwx_firmwareRange≤3.14.0_build230117

AND

hikvisionds-k1t343mfwxMatch-

Node

hikvisionds-k1t343mfx_firmwareRange≤3.14.0_build230117

AND

hikvisionds-k1t343mfxMatch-

Node

hikvisionds-k1t343mwx_firmwareRange≤3.14.0_build230117

AND

hikvisionds-k1t343mwxMatch-

Node

hikvisionds-k1t343mx_firmwareRange≤3.14.0_build230117

AND

hikvisionds-k1t343mxMatch-

Node

hikvisionds-k1t341c_firmwareRange≤3.3.8_build230112

AND

hikvisionds-k1t341cMatch-

Node

hikvisionds-k1t320efwx_firmwareRange≤3.5.0_build220706

AND

hikvisionds-k1t320efwxMatch-

Node

hikvisionds-k1t320efx_firmwareRange≤3.5.0_build220706

AND

hikvisionds-k1t320efxMatch-

Node

hikvisionds-k1t320ewx_firmwareRange≤3.5.0_build220706

AND

hikvisionds-k1t320ewxMatch-

Node

hikvisionds-k1t320ex_firmwareRange≤3.5.0_build220706

AND

hikvisionds-k1t320exMatch-

Node

hikvisionds-k1t320mfwx_firmwareRange≤3.5.0_build220706

AND

hikvisionds-k1t320mfwxMatch-

Node

hikvisionds-k1t320mfx_firmwareRange≤3.5.0_build220706

AND

hikvisionds-k1t320mfxMatch-

Node

hikvisionds-k1t320mwx_firmwareRange≤3.5.0_build220706

AND

hikvisionds-k1t320mwxMatch-

Node

hikvisionds-k1t320mx_firmwareRange≤3.5.0_build220706

AND

hikvisionds-k1t320mxMatch-

Node

hikvisionds-kh6320-wte1_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh6320-wte1Match-

Node

hikvisionds-kh6350-wte1_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh6350-wte1Match-

Node

hikvisionds-kh6351-te1_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh6351-te1Match-

Node

hikvisionds-kh6351-wte1_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh6351-wte1Match-

Node

hikvisionds-kh6320-le1_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh6320-le1Match-

Node

hikvisionds-kh63le1\(b\)_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh63le1\(b\)Match-

Node

hikvisionds-kh6320-tde1_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh6320-tde1Match-

Node

hikvisionds-kh6320-te1_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh6320-te1Match-

Node

hikvisionds-kh6320-wtde1_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh6320-wtde1Match-

Node

hikvisionds-kh8520-wte1_firmwareRange≤2.2.8_build230219

AND

hikvisionds-kh8520-wte1Match-

Node

hikvisionds-kh6220-le1_firmwareRange≤1.4.62_build220414

AND

hikvisionds-kh6220-le1Match-

Node

hikvisionds-kh9310-wte1\(b\)_firmwareRange≤2.1.76_build230204

AND

hikvisionds-kh9310-wte1\(b\)Match-

Node

hikvisionds-kh9510-wte1\(b\)_firmwareRange≤2.1.76_build230204

AND

hikvisionds-kh9510-wte1\(b\)Match-

CPENameOperatorVersion
hikvision:ds-k1t804af_firmwarehikvision ds-k1t804af firmwarele1.4.0_build221212

CPE	Name	Operator	Version
hikvision:ds-k1t804af_firmware	hikvision ds-k1t804af firmware	le	1.4.0_build221212

CNA Affected

[
  {
    "vendor": "hikvision",
    "product": "DS-K1T804AXX",
    "versions": [
      {
        "version": "V1.4.0_build221212",
        "status": "affected",
        "lessThan": "V1.4.0_build221212",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T341AXX",
    "versions": [
      {
        "version": "V3.2.30_build221223",
        "status": "affected",
        "lessThan": "V3.2.30_build221223",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T671XXX",
    "versions": [
      {
        "version": "V3.2.30_build221223",
        "status": "affected",
        "lessThan": "V3.2.30_build221223",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T343XXX",
    "versions": [
      {
        "version": "V3.14.0_build230117",
        "status": "affected",
        "lessThan": "V3.14.0_build230117",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T341C",
    "versions": [
      {
        "version": "V3.3.8_build230112",
        "status": "affected",
        "lessThan": "V3.3.8_build230112",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T320XXX",
    "versions": [
      {
        "version": "V3.5.0_build220706",
        "status": "affected",
        "lessThan": "V3.5.0_build220706",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-KH63 Series,DS-KH85 Series",
    "versions": [
      {
        "version": "V2.2.8_build230219",
        "status": "affected",
        "lessThan": "V2.2.8_build230219",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
    "versions": [
      {
        "version": "V2.1.76_build230204 ",
        "status": "affected",
        "lessThan": "V2.1.76_build230204 ",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for CVE-2023-28810

prion1 nvd1 cvelist1 ics1