3 matches found
CVE-2023-6895
Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) contains an OS command injection in /php/ping.php via jsondata[ip], where the attacker-provided input (e.g., netstat -ano) can execute commands. Public exploit details exist; upgrading to version 4.1.0 addresses the issue.
CVE-2023-6894
The CVE-2023-6894 entry concerns Hikvision Intercom Broadcasting System 3.0.3_20201113 RELEASE (HIK) with vulnerability in the Log File Handler’s file system.html (access/html/system.html). The exploit enables information disclosure through manipulation of that component. Multiple sources confirm...
CVE-2023-6893
Hikvision Intercom Broadcasting System 3.0.3 has a path traversal flaw in /php/exportrecord.php via the downname parameter (input like C:\ICPAS\Wnmp\WWW\php\conversion.php). The vulnerability is publicly disclosed; impact is path traversal. Upgrading to version 4.1.0 mitigates the issue. Some con...