Search
Find a vulnerability
Search criteria
2 vulnerabilities found for ds-kh6320-wtde1_firmware by hikvision
CVE-2023-28810 (GCVE-0-2023-28810)
Vulnerability from nvd – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
VLAI
Summary
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| hikvision | DS-K1T804AXX |
Affected:
V1.4.0_build221212 , < V1.4.0_build221212
(custom)
|
|
| hikvision | DS-K1T341AXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T671XXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T343XXX |
Affected:
V3.14.0_build230117 , < V3.14.0_build230117
(custom)
|
|
| hikvision | DS-K1T341C |
Affected:
V3.3.8_build230112 , < V3.3.8_build230112
(custom)
|
|
| hikvision | DS-K1T320XXX |
Affected:
V3.5.0_build220706 , < V3.5.0_build220706
(custom)
|
|
| hikvision | DS-KH63 Series,DS-KH85 Series |
Affected:
V2.2.8_build230219 , < V2.2.8_build230219
(custom)
|
|
| hikvision | DS-KH9310-WTE1(B),DS-KH9510-WTE1(B) |
Affected:
V2.1.76_build230204 , < V2.1.76_build230204
(custom)
|
Date Public
2023-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T21:10:21.294163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T21:10:28.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T804AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V1.4.0_build221212",
"status": "affected",
"version": "V1.4.0_build221212",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T671XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T343XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.14.0_build230117",
"status": "affected",
"version": "V3.14.0_build230117",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.3.8_build230112",
"status": "affected",
"version": "V3.3.8_build230112",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T320XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.5.0_build220706",
"status": "affected",
"version": "V3.5.0_build220706",
"versionType": "custom"
}
]
},
{
"product": "DS-KH63 Series,DS-KH85 Series",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.2.8_build230219",
"status": "affected",
"version": "V2.2.8_build230219",
"versionType": "custom"
}
]
},
{
"product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.1.76_build230204",
"status": "affected",
"version": "V2.1.76_build230204",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter Szot"
}
],
"datePublic": "2023-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00.000Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/en/support/download/firmware/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28810",
"datePublished": "2023-06-15T00:00:00.000Z",
"dateReserved": "2023-03-23T00:00:00.000Z",
"dateUpdated": "2024-12-12T21:10:28.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28810 (GCVE-0-2023-28810)
Vulnerability from cvelistv5 – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
VLAI
Summary
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| hikvision | DS-K1T804AXX |
Affected:
V1.4.0_build221212 , < V1.4.0_build221212
(custom)
|
|
| hikvision | DS-K1T341AXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T671XXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T343XXX |
Affected:
V3.14.0_build230117 , < V3.14.0_build230117
(custom)
|
|
| hikvision | DS-K1T341C |
Affected:
V3.3.8_build230112 , < V3.3.8_build230112
(custom)
|
|
| hikvision | DS-K1T320XXX |
Affected:
V3.5.0_build220706 , < V3.5.0_build220706
(custom)
|
|
| hikvision | DS-KH63 Series,DS-KH85 Series |
Affected:
V2.2.8_build230219 , < V2.2.8_build230219
(custom)
|
|
| hikvision | DS-KH9310-WTE1(B),DS-KH9510-WTE1(B) |
Affected:
V2.1.76_build230204 , < V2.1.76_build230204
(custom)
|
Date Public
2023-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T21:10:21.294163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T21:10:28.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T804AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V1.4.0_build221212",
"status": "affected",
"version": "V1.4.0_build221212",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T671XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T343XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.14.0_build230117",
"status": "affected",
"version": "V3.14.0_build230117",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.3.8_build230112",
"status": "affected",
"version": "V3.3.8_build230112",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T320XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.5.0_build220706",
"status": "affected",
"version": "V3.5.0_build220706",
"versionType": "custom"
}
]
},
{
"product": "DS-KH63 Series,DS-KH85 Series",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.2.8_build230219",
"status": "affected",
"version": "V2.2.8_build230219",
"versionType": "custom"
}
]
},
{
"product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.1.76_build230204",
"status": "affected",
"version": "V2.1.76_build230204",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter Szot"
}
],
"datePublic": "2023-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00.000Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/en/support/download/firmware/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28810",
"datePublished": "2023-06-15T00:00:00.000Z",
"dateReserved": "2023-03-23T00:00:00.000Z",
"dateUpdated": "2024-12-12T21:10:28.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}