Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): hikvision
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-33806 |
Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands. Published: April 15, 2024; 7:15:06 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29949 |
There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands. Published: April 02, 2024; 7:15:51 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29948 |
There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality. Published: April 02, 2024; 7:15:51 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29947 |
There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality. Published: April 02, 2024; 7:15:51 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-6895 |
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability. Published: December 17, 2023; 3:15:07 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-6894 |
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability. Published: December 17, 2023; 3:15:06 AM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-6893 |
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252. Published: December 17, 2023; 2:15:07 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-28811 |
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. Published: November 23, 2023; 2:15:43 AM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-28808 |
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. Published: April 11, 2023; 5:15:29 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-28173 |
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. Published: December 19, 2022; 11:15:10 AM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2022-28172 |
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device. Published: June 27, 2022; 2:15:09 PM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2022-28171 |
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. Published: June 27, 2022; 2:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2021-36260 |
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. Published: September 22, 2021; 9:15:07 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 9.3 HIGH |
CVE-2020-7057 |
Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed. Published: January 14, 2020; 5:15:12 PM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2013-4976 |
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials Published: December 27, 2019; 12:15:15 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2013-4975 |
Hikvision DS-2CD7153-E IP Camera has Privilege Escalation Published: December 27, 2019; 12:15:15 PM -0500 |
V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2018-6414 |
A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. Published: August 13, 2018; 11:29:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-6413 |
There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request. Published: April 18, 2018; 11:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-14953 |
HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product Published: December 01, 2017; 12:29:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2017-13774 |
Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. Published: August 30, 2017; 5:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 2.1 LOW |