Vulnerabilities > Hikvision > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-10-18 | CVE-2024-47485 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Hikvision Hikcentral Master | There is a CSV injection vulnerability in some HikCentral Master Lite versions. | 9.8 |
2023-12-17 | CVE-2023-6895 | OS Command Injection vulnerability in Hikvision Intercom Broadcast System | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). | 9.8 |
2023-11-23 | CVE-2023-28812 | Classic Buffer Overflow vulnerability in Hikvision Localservicecomponents 1.0.0.78 | There is a buffer overflow vulnerability in a web browser plug-in that could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in. | 9.8 |
2023-04-11 | CVE-2023-28808 | Unspecified vulnerability in Hikvision products | Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. | 9.8 |
2022-06-27 | CVE-2022-28171 | Command Injection vulnerability in Hikvision products | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. | 9.8 |
2021-09-22 | CVE-2021-36260 | OS Command Injection vulnerability in Hikvision products | A command injection vulnerability in the web server of some Hikvision products. | 9.8 |
2019-12-27 | CVE-2013-4975 | Improper Privilege Management vulnerability in Hikvision Ds-2Cd7153-E Firmware 4.1.0B130111 | Hikvision DS-2CD7153-E IP Camera has a privilege escalation vulnerability. | 9.0 |
2014-03-03 | CVE-2013-4977 | Buffer Errors vulnerability in Hikvision Ds-2Cd7153-E and Ds-2Cd7153-E Firmware | Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction. | 10.0 |