
    4 vulnerabilities found for ds-k1t341amf_firmware by hikvision

    CVE-2023-28810 (GCVE-0-2023-28810)

    Vulnerability from nvd – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
    VLAI
    Summary
    Some access control/intercom products contain vulnerabilities that allow unauthorized modification of the device network configuration. An attacker on the same local network can modify the device network configuration by sending specific data packets to the vulnerable interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    hikvision DS-K1T804AXX Affected: V1.4.0_build221212 , < V1.4.0_build221212 (custom)
    hikvision DS-K1T341AXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    hikvision DS-K1T671XXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    hikvision DS-K1T343XXX Affected: V3.14.0_build230117 , < V3.14.0_build230117 (custom)
    hikvision DS-K1T341C Affected: V3.3.8_build230112 , < V3.3.8_build230112 (custom)
    hikvision DS-K1T320XXX Affected: V3.5.0_build220706 , < V3.5.0_build220706 (custom)
    hikvision DS-KH63 Series,DS-KH85 Series Affected: V2.2.8_build230219 , < V2.2.8_build230219 (custom)
    hikvision DS-KH9310-WTE1(B),DS-KH9510-WTE1(B) Affected: V2.1.76_build230204 , < V2.1.76_build230204 (custom)
    Date Public
    2023-06-14 00:00
    Credits
    Peter Szot

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28810",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-12T21:10:21.294163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-12T21:10:28.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-K1T804AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V1.4.0_build221212",
                  "status": "affected",
                  "version": "V1.4.0_build221212",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T671XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T343XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.14.0_build230117",
                  "status": "affected",
                  "version": "V3.14.0_build230117",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341C",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.3.8_build230112",
                  "status": "affected",
                  "version": "V3.3.8_build230112",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T320XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.5.0_build220706",
                  "status": "affected",
                  "version": "V3.5.0_build220706",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-KH63 Series,DS-KH85 Series",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V2.2.8_build230219",
                  "status": "affected",
                  "version": "V2.2.8_build230219",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V2.1.76_build230204",
                  "status": "affected",
                  "version": "V2.1.76_build230204",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Peter Szot"
            }
          ],
          "datePublic": "2023-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-15T00:00:00.000Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "https://www.hikvision.com/en/support/download/firmware/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2023-28810",
        "datePublished": "2023-06-15T00:00:00.000Z",
        "dateReserved": "2023-03-23T00:00:00.000Z",
        "dateUpdated": "2024-12-12T21:10:28.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28809 (GCVE-0-2023-28809)

    Vulnerability from nvd – Published: 2023-06-15 00:00 – Updated: 2024-12-18 16:24
    VLAI
    Summary
    Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, an attacker has to request the session ID at the same time as a valid user logs in; the attacker can then gain device operation permissions by forging the IP address and session ID of an authenticated user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    hikvision DS-K1T804AXX Affected: V1.4.0_build221212 , < V1.4.0_build221212 (custom)
    hikvision DS-K1T341AXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    hikvision DS-K1T671XXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    hikvision DS-K1T343XXX Affected: V3.14.0_build230117 , < V3.14.0_build230117 (custom)
    hikvision DS-K1T341C Affected: V3.3.8_build230112 , < V3.3.8_build230112 (custom)
    hikvision DS-K1T320XXX Affected: V3.5.0_build220706 , < V3.5.0_build220706 (custom)
    Date Public
    2023-06-14 00:00
    Credits
    Andres Hinnosaar

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T16:22:10.570445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T16:24:05.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-K1T804AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V1.4.0_build221212",
                  "status": "affected",
                  "version": "V1.4.0_build221212",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T671XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T343XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.14.0_build230117",
                  "status": "affected",
                  "version": "V3.14.0_build230117",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341C",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.3.8_build230112",
                  "status": "affected",
                  "version": "V3.3.8_build230112",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T320XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.5.0_build220706",
                  "status": "affected",
                  "version": "V3.5.0_build220706",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Andres Hinnosaar"
            }
          ],
          "datePublic": "2023-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T16:06:26.704Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
            },
            {
              "url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "https://www.hikvision.com/en/support/download/firmware/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2023-28809",
        "datePublished": "2023-06-15T00:00:00.000Z",
        "dateReserved": "2023-03-23T00:00:00.000Z",
        "dateUpdated": "2024-12-18T16:24:05.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28809 (GCVE-0-2023-28809)

    Vulnerability from cvelistv5 – Published: 2023-06-15 00:00 – Updated: 2024-12-18 16:24
    VLAI
    Summary
    Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, an attacker has to request the session ID at the same time as a valid user logs in; the attacker can then gain device operation permissions by forging the IP address and session ID of an authenticated user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    hikvision DS-K1T804AXX Affected: V1.4.0_build221212 , < V1.4.0_build221212 (custom)
    hikvision DS-K1T341AXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    hikvision DS-K1T671XXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    hikvision DS-K1T343XXX Affected: V3.14.0_build230117 , < V3.14.0_build230117 (custom)
    hikvision DS-K1T341C Affected: V3.3.8_build230112 , < V3.3.8_build230112 (custom)
    hikvision DS-K1T320XXX Affected: V3.5.0_build220706 , < V3.5.0_build220706 (custom)
    Date Public
    2023-06-14 00:00
    Credits
    Andres Hinnosaar

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.488Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28809",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-18T16:22:10.570445Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-18T16:24:05.385Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-K1T804AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V1.4.0_build221212",
                  "status": "affected",
                  "version": "V1.4.0_build221212",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T671XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T343XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.14.0_build230117",
                  "status": "affected",
                  "version": "V3.14.0_build230117",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341C",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.3.8_build230112",
                  "status": "affected",
                  "version": "V3.3.8_build230112",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T320XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.5.0_build220706",
                  "status": "affected",
                  "version": "V3.5.0_build220706",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Andres Hinnosaar"
            }
          ],
          "datePublic": "2023-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-05T16:06:26.704Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
            },
            {
              "url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "https://www.hikvision.com/en/support/download/firmware/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2023-28809",
        "datePublished": "2023-06-15T00:00:00.000Z",
        "dateReserved": "2023-03-23T00:00:00.000Z",
        "dateUpdated": "2024-12-18T16:24:05.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28810 (GCVE-0-2023-28810)

    Vulnerability from cvelistv5 – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
    VLAI
    Summary
    Some access control/intercom products contain vulnerabilities that allow unauthorized modification of the device network configuration. An attacker on the same local network can modify the device network configuration by sending specific data packets to the vulnerable interface.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    hikvision DS-K1T804AXX Affected: V1.4.0_build221212 , < V1.4.0_build221212 (custom)
    hikvision DS-K1T341AXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    hikvision DS-K1T671XXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    hikvision DS-K1T343XXX Affected: V3.14.0_build230117 , < V3.14.0_build230117 (custom)
    hikvision DS-K1T341C Affected: V3.3.8_build230112 , < V3.3.8_build230112 (custom)
    hikvision DS-K1T320XXX Affected: V3.5.0_build220706 , < V3.5.0_build220706 (custom)
    hikvision DS-KH63 Series,DS-KH85 Series Affected: V2.2.8_build230219 , < V2.2.8_build230219 (custom)
    hikvision DS-KH9310-WTE1(B),DS-KH9510-WTE1(B) Affected: V2.1.76_build230204 , < V2.1.76_build230204 (custom)
    Date Public
    2023-06-14 00:00
    Credits
    Peter Szot

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28810",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-12T21:10:21.294163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-12T21:10:28.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-K1T804AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V1.4.0_build221212",
                  "status": "affected",
                  "version": "V1.4.0_build221212",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T671XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T343XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.14.0_build230117",
                  "status": "affected",
                  "version": "V3.14.0_build230117",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341C",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.3.8_build230112",
                  "status": "affected",
                  "version": "V3.3.8_build230112",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T320XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.5.0_build220706",
                  "status": "affected",
                  "version": "V3.5.0_build220706",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-KH63 Series,DS-KH85 Series",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V2.2.8_build230219",
                  "status": "affected",
                  "version": "V2.2.8_build230219",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V2.1.76_build230204",
                  "status": "affected",
                  "version": "V2.1.76_build230204",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Peter Szot"
            }
          ],
          "datePublic": "2023-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Some access control/intercom products are vulnerable to unauthorized modification of the device network configuration. Attackers within the same local network can modify the device network configuration by sending specific data packets to the vulnerable interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-15T00:00:00.000Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "https://www.hikvision.com/en/support/download/firmware/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2023-28810",
        "datePublished": "2023-06-15T00:00:00.000Z",
        "dateReserved": "2023-03-23T00:00:00.000Z",
        "dateUpdated": "2024-12-12T21:10:28.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }