Unrated severity · NVD Advisory · Published Jun 15, 2023 · Updated Dec 18, 2024
CVE-2023-28809
Description
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
Affected products (7)
- hikvision/DS-K1T320XXXv5 Range: V3.5.0_build220706
- hikvision/DS-K1T341AXXv5 Range: V3.2.30_build221223
- hikvision/DS-K1T341Cv5 Range: V3.3.8_build230112
- hikvision/DS-K1T343XXXv5 Range: V3.14.0_build230117
- hikvision/DS-K1T671XXXv5 Range: V3.2.30_build221223
- hikvision/DS-K1T804AXXv5 Range: V1.4.0_build221212
Patches
Vulnerability mechanics
References (2)
News mentions (0)
No linked articles in our index yet.