Vulnerabilities > Hikvision

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Tags | Severity | Score |
|---|---|---|---|---|---|---|---|---|
| 2023-11-23 | CVE-2023-28811 | Classic Buffer Overflow vulnerability in Hikvision products | There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. | | low complexity | hikvision CWE-120 | | 6.5 |
| 2023-06-15 | CVE-2023-28810 | Unspecified vulnerability in Hikvision products | Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. | | low complexity | hikvision | | 4.3 |
| 2023-06-15 | CVE-2023-28809 | Session Fixation vulnerability in Hikvision products | Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. | network | high complexity | hikvision CWE-384 | | 7.5 |
| 2023-04-11 | CVE-2023-28808 | Unspecified vulnerability in Hikvision products | Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. | network | low complexity | hikvision | critical | 9.8 |
| 2022-06-27 | CVE-2022-28171 | Command Injection vulnerability in Hikvision products | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. | network | low complexity | hikvision CWE-77 | critical | 9.8 |
| 2022-06-27 | CVE-2022-28172 | Cross-site Scripting vulnerability in Hikvision products | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. | network | low complexity | hikvision CWE-79 | | 6.1 |
| 2021-09-22 | CVE-2021-36260 | OS Command Injection vulnerability in Hikvision products | A command injection vulnerability in the web server of some Hikvision products. | network | low complexity | hikvision CWE-78 | critical | 9.8 |
| 2020-01-14 | CVE-2020-7057 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hikvision Ds-7204Hghi-F1 Firmware 4.0.1 | Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. | network | low complexity | hikvision CWE-307 | | 5.0 |
| 2019-12-27 | CVE-2013-4976 | Improper Authentication vulnerability in Hikvision Ds-2Cd7153-E Firmware | Hikvision DS-2CD7153-E IP Camera has a security bypass via hardcoded credentials. | network | low complexity | hikvision CWE-287 | | 7.5 |
| 2019-12-27 | CVE-2013-4975 | Improper Privilege Management vulnerability in Hikvision Ds-2Cd7153-E Firmware 4.1.0B130111 | Hikvision DS-2CD7153-E IP Camera has a privilege escalation vulnerability. | network | low complexity | hikvision CWE-269 | critical | 9.0 |