CVE-2023-28811: Buffer Overflow Vulnerability in Hikvision NVR/DVR Devices

There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

SN No. HSRC-202311-01

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2023-11-17

Summary

Hikvision has released a patch to fix a buffer overflow vulnerability in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

CVE ID

CVE-2023-28811

Scoring

CVSS v3.1 was used in scoring this vulnerability.

(http://www.first.org/cvss/specification-document)

Base score: 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

Affected Versions and Fixes

| Product Name | Affected Versions | Fix Download |
| --- | --- | --- |
| DVR: iDS-EXXHUH, DS-EXXHGH, iDS-EXXHQH, DVR-EXXHUH, DVR-EXXHGH, DVR-EXXHQH, iDS-72XXHQH-M(C), iDS-72XXHUH-M(C), iDS-72XXHQH-M(E), iDS-72XXHUH-M(E), iDS-72XXHTH-M(C), HW-HWD-72XXMH-G4, HW-HWD-62XXMH-G4, HL-DVR-216Q-K2(E), DS-71XXHGH-M(C), DS-72XXHGH-M(C), DS-71XXHGH-K(S), DS-72XXHGH-K(S), HL-DVR-1XXG-K(S), HL-DVR-2XXG-K(S), HL-DVR-1XXG-M(C), HL-DVR-2XXG-M(C), HW-HWD-51XXH(S), HW-HWD-51XXH-G, HW-HWD-51XXMH-G, iDS-71xxHQH-M(C), iDS-71xxHQH-M(E), iDS-72xxHQH-M/E(C), iDS-72xxHQH-M/E(E), HL-DVR-2XXQ-M(C), HL-DVR-2XXQ-M(E), HW-HWD-61XXMH-G4, HW-HWD-61XXMH-G4(E), iDS-71xxHUH-M(C), iDS-72xxHUH-M/E(C), iDS-71xxHUH-M(E), iDS-72xxHUH-M/E(E), HL-DVR-2XXU-M(C), HL-DVR-2XXU-M(E), HW-HWD-71XXMH-G4, HW-HWD-71XXMH-G4(E) | V4.1.60 build date before 20230821 | Version build date after 20230821 |
| NVR: NVR-2xxMH-C(D), NVR-1xxMH-C(D), HW-HWN-42xxMH(D), HW-HWN-41xxMH(D), DS-71xxNI-Q1(C), DS-71xxNI-Q1(D), HL-NVR-1xxMH-D(C), HL-NVR-1xxMH-D(D), HW-HWN-21xxMH(C), HW-HWN-21xxMH(D), DS-76xxNI-Q1(C), DS-76xxNI-Q2(C), DS-76xxNI-K1(C), HW-HWN-41xxMH(C), HW-HWN-42xxMH(C), HL-NVR-1xxMH-C(C), HL-NVR-2xxMH-C(C), DS-77xxNI-I4(B) | V4.1.60 build date before 20230821 | Version build date after 20230821 |
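
An added example, not part of the Hikvision advisory: a check that triages an asset inventory against the models and build-date boundary listed above. It assumes each "XX"/"xx" in a listed model stands for two digits and that devices report firmware as "V4.1.60 build 230801" (YYMMDD); the inventory rows and all function names are constructed for illustration.

```python
import re
from datetime import date

BOUNDARY = date(2023, 8, 21)  # "20230821" in the advisory table

# Five model patterns copied from the table; add the remaining rows the same way.
PATTERNS = ["iDS-72XXHQH-M(E)", "DS-71XXHGH-K(S)", "DS-71xxNI-Q1(D)",
            "DS-77xxNI-I4(B)", "HL-DVR-216Q-K2(E)"]

def pattern_to_regex(pattern):
    # Assumption: each "XX"/"xx" pair in a listed model stands for two digits.
    parts = re.split(r"(XX|xx)", pattern)
    body = "".join(r"\d{2}" if p in ("XX", "xx") else re.escape(p) for p in parts)
    return re.compile(body, re.IGNORECASE)

MODEL_RES = [pattern_to_regex(p) for p in PATTERNS]

# Assumption: firmware is reported as "V4.1.60 build 230801" (build = YYMMDD).
FW_RE = re.compile(r"V(\d+\.\d+\.\d+)\s+build\s+(\d{2})(\d{2})(\d{2})$", re.I)

def triage(model, firmware):
    """Return 'affected', 'fixed', 'verify' or 'not-listed' for one device."""
    if not any(r.fullmatch(model.strip()) for r in MODEL_RES):
        return "not-listed"
    m = FW_RE.search(firmware.strip())
    if not m:
        return "verify"  # no readable build date
    try:
        built = date(2000 + int(m.group(2)), int(m.group(3)), int(m.group(4)))
    except ValueError:
        return "verify"  # impossible calendar date
    if built > BOUNDARY:
        return "fixed"
    if built < BOUNDARY and m.group(1) == "4.1.60":
        return "affected"
    # Build dated exactly 20230821, or a version the advisory does not name.
    return "verify"

INVENTORY = [  # constructed sample rows, not real devices
    ("iDS-7208HQH-M(E)", "V4.1.60 build 230512"),
    ("DS-7104NI-Q1(D)", "V4.1.60 build 230905"),
    ("DS-7716NI-I4(B)", "V4.1.60 build 230821"),
    ("DS-7108HGH-K(S)", "V4.1.50 build 221130"),
    ("EXAMPLE-CAM-01", "V1.0.0 build 200101"),
]

def report(rows):
    return [(model, triage(model, fw)) for model, fw in rows]

if __name__ == "__main__":
    for model, status in report(INVENTORY):
        print(f"{model:20} {status}")
```

Devices that come back as "verify" need a manual look, because the advisory does not say how a build dated exactly 20230821 or a version other than V4.1.60 should be classified.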

Obtaining Fixed Versions

Users can download patches/updates on the Hikvision official website or contact [email protected].

Source of Vulnerability Information:

The vulnerability was reported to HSRC by Sergio Ruiz of the IOActive team.

Contact Us:

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact the Hikvision Security Response Center at [email protected].

Hikvision would like to thank all security researchers for your attention to our products.
