Vulnerabilities > Hikvision > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2024-47485 Improper Neutralization of Formula Elements in a CSV File vulnerability in Hikvision Hikcentral Master
There is a CSV injection vulnerability in some HikCentral Master Lite versions.
network
low complexity
hikvision CWE-1236
critical
9.8
2023-12-17 CVE-2023-6895 OS Command Injection vulnerability in Hikvision Intercom Broadcast System
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK).
network
low complexity
hikvision CWE-78
critical
9.8
2023-11-23 CVE-2023-28812 Classic Buffer Overflow vulnerability in Hikvision Localservicecomponents 1.0.0.78
There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.
network
low complexity
hikvision CWE-120
critical
9.8
2023-04-11 CVE-2023-28808 Unspecified vulnerability in Hikvision products
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission.
network
low complexity
hikvision
critical
9.8
2022-12-19 CVE-2022-28173 Unspecified vulnerability in Hikvision Ds-3Wf01C-2N/O Firmware and Ds-3Wf0Ac-2Nt Firmware
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission.
network
low complexity
hikvision
critical
9.8
2022-06-27 CVE-2022-28171 Command Injection vulnerability in Hikvision products
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability.
network
low complexity
hikvision CWE-77
critical
9.8
2021-09-22 CVE-2021-36260 OS Command Injection vulnerability in Hikvision products
A command injection vulnerability in the web server of some Hikvision product.
network
low complexity
hikvision CWE-78
critical
9.8
2019-12-27 CVE-2013-4976 Improper Authentication vulnerability in Hikvision Ds-2Cd7153-E Firmware
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials
network
low complexity
hikvision CWE-287
critical
9.8
2018-08-13 CVE-2018-6414 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision IP Cameras
A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices.
network
low complexity
hikvision CWE-119
critical
9.8
2017-05-06 CVE-2017-7921 Improper Authentication vulnerability in Hikvision products
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices.
network
low complexity
hikvision CWE-287
critical
10.0