CVE-2023-28810

EUVD-2023-32445
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
hikvisionCNA
4.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
hikvisionds-k1t804af_firmware
𝑥
≤ 1.4.0_build221212
hikvisionds-k1t804amf_firmware
𝑥
≤ 1.4.0_build221212
hikvisionds-k1t341am_firmware
𝑥
≤ 3.2.30_build221223
hikvisionds-k1t341amf_firmware
𝑥
≤ 3.2.30_build221223
hikvisionds-k1t671m_firmware
𝑥
≤ 3.2.30_build221223
hikvisionds-k1t671mf_firmware
𝑥
≤ 3.2.30_build221223
hikvisionds-k1t671_firmware
𝑥
≤ 3.2.30_build221223
hikvisionds-k1t343efwx_firmware
𝑥
≤ 3.14.0_build230117
hikvisionds-k1t343efx_firmware
𝑥
≤ 3.14.0_build230117
hikvisionds-k1t343ewx_firmware
𝑥
≤ 3.14.0_build230117
hikvisionds-k1t343ex_firmware
𝑥
≤ 3.14.0_build230117
hikvisionds-k1t343mfwx_firmware
𝑥
≤ 3.14.0_build230117
hikvisionds-k1t343mfx_firmware
𝑥
≤ 3.14.0_build230117
hikvisionds-k1t343mwx_firmware
𝑥
≤ 3.14.0_build230117
hikvisionds-k1t343mx_firmware
𝑥
≤ 3.14.0_build230117
hikvisionds-k1t341c_firmware
𝑥
≤ 3.3.8_build230112
hikvisionds-k1t320efwx_firmware
𝑥
≤ 3.5.0_build220706
hikvisionds-k1t320efx_firmware
𝑥
≤ 3.5.0_build220706
hikvisionds-k1t320ewx_firmware
𝑥
≤ 3.5.0_build220706
hikvisionds-k1t320ex_firmware
𝑥
≤ 3.5.0_build220706
hikvisionds-k1t320mfwx_firmware
𝑥
≤ 3.5.0_build220706
hikvisionds-k1t320mfx_firmware
𝑥
≤ 3.5.0_build220706
hikvisionds-k1t320mwx_firmware
𝑥
≤ 3.5.0_build220706
hikvisionds-k1t320mx_firmware
𝑥
≤ 3.5.0_build220706
hikvisionds-kh6320-wte1_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh6350-wte1_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh6351-te1_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh6351-wte1_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh6320-le1_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh63le1\(b\)_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh6320-tde1_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh6320-te1_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh6320-wtde1_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh8520-wte1_firmware
𝑥
≤ 2.2.8_build230219
hikvisionds-kh6220-le1_firmware
𝑥
≤ 1.4.62_build220414
hikvisionds-kh9310-wte1\(b\)_firmware
𝑥
≤ 2.1.76_build230204
hikvisionds-kh9510-wte1\(b\)_firmware
𝑥
≤ 2.1.76_build230204
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/