Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to hikvision - DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)

cve-2023-28810

Vulnerability from cvelistv5

Published

2023-06-15 00:00

Modified

2024-08-02 13:51

Severity ?

4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.

References

▼	URL	Tags
	https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/

Impacted products

▼	Vendor	Product
	hikvision	DS-K1T804AXX
	hikvision	DS-K1T341AXX
	hikvision	DS-K1T671XXX
	hikvision	DS-K1T343XXX
	hikvision	DS-K1T341C
	hikvision	DS-K1T320XXX
	hikvision	DS-KH63 Series,DS-KH85 Series
	hikvision	DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:51:38.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DS-K1T804AXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V1.4.0_build221212",
              "status": "affected",
              "version": "V1.4.0_build221212",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T341AXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.2.30_build221223",
              "status": "affected",
              "version": "V3.2.30_build221223",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T671XXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.2.30_build221223",
              "status": "affected",
              "version": "V3.2.30_build221223",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T343XXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.14.0_build230117",
              "status": "affected",
              "version": "V3.14.0_build230117",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T341C",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.3.8_build230112",
              "status": "affected",
              "version": "V3.3.8_build230112",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-K1T320XXX",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V3.5.0_build220706",
              "status": "affected",
              "version": "V3.5.0_build220706",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-KH63 Series,DS-KH85 Series",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V2.2.8_build230219",
              "status": "affected",
              "version": "V2.2.8_build230219",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
          "vendor": "hikvision",
          "versions": [
            {
              "lessThan": "V2.1.76_build230204 ",
              "status": "affected",
              "version": "V2.1.76_build230204 ",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Peter Szot"
        }
      ],
      "datePublic": "2023-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-15T00:00:00",
        "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "shortName": "hikvision"
      },
      "references": [
        {
          "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "https://www.hikvision.com/en/support/download/firmware/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
    "assignerShortName": "hikvision",
    "cveId": "CVE-2023-28810",
    "datePublished": "2023-06-15T00:00:00",
    "dateReserved": "2023-03-23T00:00:00",
    "dateUpdated": "2024-08-02T13:51:38.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}