Vulnerabilities > Hikvision

DATE CVE VULNERABILITY TITLE RISK
2023-11-23 CVE-2023-28811 Classic Buffer Overflow vulnerability in Hikvision products
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models.
low complexity
hikvision CWE-120
6.5
2023-06-15 CVE-2023-28810 Unspecified vulnerability in Hikvision products
Some access control/intercom products are vulnerable to unauthorized modification of the device network configuration.
low complexity
hikvision
4.3
2023-06-15 CVE-2023-28809 Session Fixation vulnerability in Hikvision products
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in.
network
high complexity
hikvision CWE-384
7.5
2023-04-11 CVE-2023-28808 Unspecified vulnerability in Hikvision products
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission.
network
low complexity
hikvision
critical
9.8
2022-12-19 CVE-2022-28173 Unspecified vulnerability in Hikvision DS-3WF01C-2N/O Firmware and DS-3WF0AC-2NT Firmware
The web server of some Hikvision wireless bridge products has an access control vulnerability which can be used to obtain the admin permission.
network
low complexity
hikvision
critical
9.8
2022-06-27 CVE-2022-28171 Command Injection vulnerability in Hikvision products
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability.
network
low complexity
hikvision CWE-77
critical
9.8
2022-06-27 CVE-2022-28172 Cross-site Scripting vulnerability in Hikvision products
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability.
network
low complexity
hikvision CWE-79
6.1
2021-09-22 CVE-2021-36260 OS Command Injection vulnerability in Hikvision products
A command injection vulnerability in the web server of some Hikvision products.
network
low complexity
hikvision CWE-78
critical
9.8
2020-01-14 CVE-2020-7057 Improper Restriction of Excessive Authentication Attempts vulnerability in Hikvision DS-7204HGHI-F1 Firmware 4.0.1
Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users.
network
low complexity
hikvision CWE-307
5.3
2019-12-27 CVE-2013-4976 Improper Authentication vulnerability in Hikvision DS-2CD7153-E Firmware
Hikvision DS-2CD7153-E IP Camera has a security bypass via hardcoded credentials.
network
low complexity
hikvision CWE-287
critical
9.8