Search criteria
2 vulnerabilities found for DS-KH63 Series,DS-KH85 Series by hikvision
CVE-2023-28810 (GCVE-0-2023-28810)
Vulnerability from cvelistv5 – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
VLAI?
Summary
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
Severity ?
4.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| hikvision | DS-K1T804AXX |
Affected:
V1.4.0_build221212 , < V1.4.0_build221212
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Peter Szot
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T21:10:21.294163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T21:10:28.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T804AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V1.4.0_build221212",
"status": "affected",
"version": "V1.4.0_build221212",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T671XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T343XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.14.0_build230117",
"status": "affected",
"version": "V3.14.0_build230117",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.3.8_build230112",
"status": "affected",
"version": "V3.3.8_build230112",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T320XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.5.0_build220706",
"status": "affected",
"version": "V3.5.0_build220706",
"versionType": "custom"
}
]
},
{
"product": "DS-KH63 Series,DS-KH85 Series",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.2.8_build230219",
"status": "affected",
"version": "V2.2.8_build230219",
"versionType": "custom"
}
]
},
{
"product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.1.76_build230204 ",
"status": "affected",
"version": "V2.1.76_build230204 ",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter Szot"
}
],
"datePublic": "2023-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/en/support/download/firmware/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28810",
"datePublished": "2023-06-15T00:00:00",
"dateReserved": "2023-03-23T00:00:00",
"dateUpdated": "2024-12-12T21:10:28.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28810 (GCVE-0-2023-28810)
Vulnerability from nvd – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
VLAI?
Summary
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
Severity ?
4.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| hikvision | DS-K1T804AXX |
Affected:
V1.4.0_build221212 , < V1.4.0_build221212
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Peter Szot
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T21:10:21.294163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T21:10:28.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T804AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V1.4.0_build221212",
"status": "affected",
"version": "V1.4.0_build221212",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T671XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T343XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.14.0_build230117",
"status": "affected",
"version": "V3.14.0_build230117",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.3.8_build230112",
"status": "affected",
"version": "V3.3.8_build230112",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T320XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.5.0_build220706",
"status": "affected",
"version": "V3.5.0_build220706",
"versionType": "custom"
}
]
},
{
"product": "DS-KH63 Series,DS-KH85 Series",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.2.8_build230219",
"status": "affected",
"version": "V2.2.8_build230219",
"versionType": "custom"
}
]
},
{
"product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.1.76_build230204 ",
"status": "affected",
"version": "V2.1.76_build230204 ",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter Szot"
}
],
"datePublic": "2023-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/en/support/download/firmware/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28810",
"datePublished": "2023-06-15T00:00:00",
"dateReserved": "2023-03-23T00:00:00",
"dateUpdated": "2024-12-12T21:10:28.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}