Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ds-kh6320-tde1_firmware by hikvision

    CVE-2023-28810 (GCVE-0-2023-28810)

    Vulnerability from nvd – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
    VLAI
    Summary
    Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    hikvision DS-K1T804AXX Affected: V1.4.0_build221212 , < V1.4.0_build221212 (custom)
    Create a notification for this product.
    hikvision DS-K1T341AXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    Create a notification for this product.
    hikvision DS-K1T671XXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    Create a notification for this product.
    hikvision DS-K1T343XXX Affected: V3.14.0_build230117 , < V3.14.0_build230117 (custom)
    Create a notification for this product.
    hikvision DS-K1T341C Affected: V3.3.8_build230112 , < V3.3.8_build230112 (custom)
    Create a notification for this product.
    hikvision DS-K1T320XXX Affected: V3.5.0_build220706 , < V3.5.0_build220706 (custom)
    Create a notification for this product.
    hikvision DS-KH63 Series,DS-KH85 Series Affected: V2.2.8_build230219 , < V2.2.8_build230219 (custom)
    Create a notification for this product.
    hikvision DS-KH9310-WTE1(B),DS-KH9510-WTE1(B) Affected: V2.1.76_build230204 , < V2.1.76_build230204 (custom)
    Create a notification for this product.
    Date Public
    2023-06-14 00:00
    Credits
    Peter Szot
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28810",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-12T21:10:21.294163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-12T21:10:28.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-K1T804AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V1.4.0_build221212",
                  "status": "affected",
                  "version": "V1.4.0_build221212",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T671XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T343XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.14.0_build230117",
                  "status": "affected",
                  "version": "V3.14.0_build230117",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341C",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.3.8_build230112",
                  "status": "affected",
                  "version": "V3.3.8_build230112",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T320XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.5.0_build220706",
                  "status": "affected",
                  "version": "V3.5.0_build220706",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-KH63 Series,DS-KH85 Series",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V2.2.8_build230219",
                  "status": "affected",
                  "version": "V2.2.8_build230219",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V2.1.76_build230204",
                  "status": "affected",
                  "version": "V2.1.76_build230204",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Peter Szot"
            }
          ],
          "datePublic": "2023-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-15T00:00:00.000Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "https://www.hikvision.com/en/support/download/firmware/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2023-28810",
        "datePublished": "2023-06-15T00:00:00.000Z",
        "dateReserved": "2023-03-23T00:00:00.000Z",
        "dateUpdated": "2024-12-12T21:10:28.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28810 (GCVE-0-2023-28810)

    Vulnerability from cvelistv5 – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
    VLAI
    Summary
    Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    hikvision DS-K1T804AXX Affected: V1.4.0_build221212 , < V1.4.0_build221212 (custom)
    Create a notification for this product.
    hikvision DS-K1T341AXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    Create a notification for this product.
    hikvision DS-K1T671XXX Affected: V3.2.30_build221223 , < V3.2.30_build221223 (custom)
    Create a notification for this product.
    hikvision DS-K1T343XXX Affected: V3.14.0_build230117 , < V3.14.0_build230117 (custom)
    Create a notification for this product.
    hikvision DS-K1T341C Affected: V3.3.8_build230112 , < V3.3.8_build230112 (custom)
    Create a notification for this product.
    hikvision DS-K1T320XXX Affected: V3.5.0_build220706 , < V3.5.0_build220706 (custom)
    Create a notification for this product.
    hikvision DS-KH63 Series,DS-KH85 Series Affected: V2.2.8_build230219 , < V2.2.8_build230219 (custom)
    Create a notification for this product.
    hikvision DS-KH9310-WTE1(B),DS-KH9510-WTE1(B) Affected: V2.1.76_build230204 , < V2.1.76_build230204 (custom)
    Create a notification for this product.
    Date Public
    2023-06-14 00:00
    Credits
    Peter Szot
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T13:51:38.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28810",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-12T21:10:21.294163Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-12T21:10:28.899Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-K1T804AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V1.4.0_build221212",
                  "status": "affected",
                  "version": "V1.4.0_build221212",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341AXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T671XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.2.30_build221223",
                  "status": "affected",
                  "version": "V3.2.30_build221223",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T343XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.14.0_build230117",
                  "status": "affected",
                  "version": "V3.14.0_build230117",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T341C",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.3.8_build230112",
                  "status": "affected",
                  "version": "V3.3.8_build230112",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-K1T320XXX",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V3.5.0_build220706",
                  "status": "affected",
                  "version": "V3.5.0_build220706",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-KH63 Series,DS-KH85 Series",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V2.2.8_build230219",
                  "status": "affected",
                  "version": "V2.2.8_build230219",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
              "vendor": "hikvision",
              "versions": [
                {
                  "lessThan": "V2.1.76_build230204",
                  "status": "affected",
                  "version": "V2.1.76_build230204",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Peter Szot"
            }
          ],
          "datePublic": "2023-06-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-15T00:00:00.000Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "https://www.hikvision.com/en/support/download/firmware/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2023-28810",
        "datePublished": "2023-06-15T00:00:00.000Z",
        "dateReserved": "2023-03-23T00:00:00.000Z",
        "dateUpdated": "2024-12-12T21:10:28.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }