Vendor CVEs
Hikvision
All CVEs
47 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7921 | | Cri | 0.87 | 9.8 | 1.00 | KEV | May 6, 2017 | An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series… |
| CVE-2025-34067 | | Cri | 0.66 | — | 0.19 | | Jul 2, 2025 | An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user… |
| CVE-2023-28815 | | Cri | 0.64 | 9.8 | 0.01 | | Oct 17, 2025 | Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system. iSecure Center is software released… |
| CVE-2023-28814 | | Cri | 0.64 | 9.8 | 0.00 | | Oct 17, 2025 | Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of the file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market… |
| CVE-2018-6414 | | Cri | 0.64 | 9.8 | 0.03 | | Aug 13, 2018 | A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or… |
| CVE-2025-34058 | | Hig | 0.57 | — | 0.01 | | Jul 1, 2025 | Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the… |
| CVE-2017-7923 | | Hig | 0.57 | 8.8 | 0.02 | | May 6, 2017 | A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD… |
| CVE-2025-39247 | | Hig | 0.56 | 8.6 | 0.01 | | Aug 29, 2025 | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. |
| CVE-2024-58274 | | Hig | 0.54 | 8.3 | 0.18 | | Oct 22, 2025 | Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025. |
| CVE-2023-53691 | | Hig | 0.54 | 8.3 | 0.01 | | Oct 22, 2025 | Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025. |
| CVE-2017-13774 | | Hig | 0.51 | 7.8 | 0.00 | | Aug 30, 2017 | Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. |
| CVE-2025-45851 | | Hig | 0.49 | 7.5 | 0.01 | | Jun 27, 2025 | An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue. |
| CVE-2018-6413 | | Hig | 0.49 | 7.5 | 0.02 | | Apr 18, 2018 | There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request. |
| CVE-2026-3828 | | Hig | 0.47 | 7.2 | 0.01 | | May 9, 2026 | Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to… |
| CVE-2026-1749 | | Med | 0.44 | 6.8 | 0.00 | | May 9, 2026 | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. |
| CVE-2017-14953 | | Med | 0.42 | 6.5 | 0.00 | | Dec 1, 2017 | HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a… |
| CVE-2015-4409 | | Med | 0.42 | 6.5 | 0.01 | | Mar 13, 2017 | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. |
| CVE-2015-4408 | | Med | 0.42 | 6.5 | 0.01 | | Mar 13, 2017 | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue. |
| CVE-2015-4407 | | Med | 0.42 | 6.5 | 0.01 | | Mar 13, 2017 | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue. |
| CVE-2025-39246 | | Med | 0.34 | 5.3 | 0.00 | | Aug 29, 2025 | There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-39245 | | Med | 0.31 | 4.7 | 0.00 | | Aug 29, 2025 | There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data. |
| CVE-2024-29948 | | Low | 0.25 | 3.8 | 0.00 | | Apr 2, 2024 | There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality. |
| CVE-2026-32684 | | Low | 0.19 | 2.9 | 0.00 | | May 12, 2026 | The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information. |
| CVE-2022-28171 | | | 0.10 | — | 0.50 | | Jun 27, 2022 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to the insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the… |
| CVE-2014-4880 | | | 0.09 | — | 0.72 | | Dec 8, 2014 | Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. |
| CVE-2023-6895 | | | 0.07 | — | 0.89 | | Dec 17, 2023 | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads… |
| CVE-2023-6893 | | | 0.07 | — | 0.70 | | Dec 17, 2023 | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input… |
| CVE-2013-4976 | | | 0.04 | — | 0.36 | | Dec 27, 2019 | Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials. |
| CVE-2013-4975 | | | 0.04 | — | 0.12 | | Dec 27, 2019 | Hikvision DS-2CD7153-E IP Camera has Privilege Escalation. |
| CVE-2013-4977 | | | 0.04 | — | 0.17 | | Mar 3, 2014 | Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string… |
| CVE-2025-66174 | | | 0.00 | — | 0.00 | | Dec 19, 2025 | There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series… |
| CVE-2025-66173 | | | 0.00 | — | 0.00 | | Dec 19, 2025 | There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to… |
| CVE-2024-47486 | | | 0.00 | — | 0.00 | | Oct 18, 2024 | There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data. |
| CVE-2024-47487 | | | 0.00 | — | 0.00 | | Oct 18, 2024 | There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. |
| CVE-2024-47485 | | | 0.00 | — | 0.01 | | Oct 18, 2024 | There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. |
| CVE-2024-8449 | | | 0.00 | — | 0.00 | | Sep 30, 2024 | Certain switch models from PLANET Technology have a Hard-coded Credential in the password recovering functionality, allowing an unauthenticated attacker to connect to the device via the serial console and use this credential to reset any user's password. |
| CVE-2023-33806 | | | 0.00 | — | 0.00 | | Apr 15, 2024 | Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 allow attackers to execute arbitrary commands. |
| CVE-2024-25064 | | | 0.00 | — | 0.00 | | Mar 2, 2024 | Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. |
| CVE-2024-25063 | | | 0.00 | — | 0.01 | | Mar 2, 2024 | Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. |
| CVE-2023-6894 | | | 0.00 | — | 0.01 | | Dec 17, 2023 | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information… |
| CVE-2023-28812 | | | 0.00 | — | 0.01 | | Nov 23, 2023 | There is a buffer overflow vulnerability in a web browser plug-in that could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause a process exception in the plug-in. |
| CVE-2023-28809 | | | 0.00 | — | 0.01 | | Jun 15, 2023 | Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and… |
| CVE-2023-28808 | | | 0.00 | — | 0.01 | | Apr 11, 2023 | Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. |
| CVE-2022-2323 | | | 0.00 | — | 0.01 | | Jul 29, 2022 | Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions. |
| CVE-2022-28172 | | | 0.00 | — | 0.01 | | Jun 27, 2022 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to the insufficient input validation, an attacker can exploit the vulnerability to mount an XSS attack by sending messages with malicious commands to the affected device. |
| CVE-2021-20024 | | | 0.00 | — | 0.01 | | Jul 9, 2021 | Multiple Out-of-Bound read vulnerabilities in SonicWall Switch when handling the LLDP Protocol allow an attacker to cause system instability or potentially read sensitive information from memory locations. |
| CVE-2020-7057 | | | 0.00 | — | 0.01 | | Jan 14, 2020 | Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5… |