Lucene search

HikvisionCVELIST:CVE-2023-28810

HistoryJun 15, 2023 - 12:00 a.m.

CVE-2023-28810

2023-06-1500:00:00

CWE-284

hikvision

www.cve.org

access control

intercom

unauthorized modification

network configuration

vulnerability

attackers

data packets

local network

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.

CNA Affected

[
  {
    "vendor": "hikvision",
    "product": "DS-K1T804AXX",
    "versions": [
      {
        "version": "V1.4.0_build221212",
        "status": "affected",
        "lessThan": "V1.4.0_build221212",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T341AXX",
    "versions": [
      {
        "version": "V3.2.30_build221223",
        "status": "affected",
        "lessThan": "V3.2.30_build221223",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T671XXX",
    "versions": [
      {
        "version": "V3.2.30_build221223",
        "status": "affected",
        "lessThan": "V3.2.30_build221223",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T343XXX",
    "versions": [
      {
        "version": "V3.14.0_build230117",
        "status": "affected",
        "lessThan": "V3.14.0_build230117",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T341C",
    "versions": [
      {
        "version": "V3.3.8_build230112",
        "status": "affected",
        "lessThan": "V3.3.8_build230112",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-K1T320XXX",
    "versions": [
      {
        "version": "V3.5.0_build220706",
        "status": "affected",
        "lessThan": "V3.5.0_build220706",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-KH63 Series,DS-KH85 Series",
    "versions": [
      {
        "version": "V2.2.8_build230219",
        "status": "affected",
        "lessThan": "V2.2.8_build230219",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
    "versions": [
      {
        "version": "V2.1.76_build230204 ",
        "status": "affected",
        "lessThan": "V2.1.76_build230204 ",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2023-28810