Vulnerabilities > Hikvision > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-18 CVE-2024-47487 SQL Injection vulnerability in Hikvision Hikcentral Professional 2.0.0/2.5.1
There is a SQL injection vulnerability in some HikCentral Professional versions.
network
low complexity
hikvision CWE-89
8.8
2024-03-02 CVE-2024-25063 Unspecified vulnerability in Hikvision Hikcentral Professional 2.0.0/2.5.1
Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to.
network
low complexity
hikvision
7.5
2023-12-17 CVE-2023-6893 Unspecified vulnerability in Hikvision Intercom Broadcast System
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic.
network
low complexity
hikvision
7.5
2023-11-23 CVE-2023-28813 Unspecified vulnerability in Hikvision Localservicecomponents 1.0.0.78
An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files.
network
low complexity
hikvision
7.5
2023-06-15 CVE-2023-28809 Session Fixation vulnerability in Hikvision products
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in.
network
high complexity
hikvision CWE-384
7.5
2019-12-27 CVE-2013-4975 Improper Privilege Management vulnerability in Hikvision Ds-2Cd7153-E Firmware 4.1.0B130111
Hikvision DS-2CD7153-E IP Camera has Privilege Escalation
network
low complexity
hikvision CWE-269
8.8
2018-04-18 CVE-2018-6413 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-2Cd9111-S Firmware 4.1.2
There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request.
network
low complexity
hikvision CWE-119
7.5
2017-08-30 CVE-2017-13774 Information Exposure vulnerability in Hikvision Ivms-4200 2.6.2.6
Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors.
local
low complexity
hikvision CWE-200
7.8
2017-05-06 CVE-2017-7923 Information Exposure vulnerability in Hikvision products
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices.
network
low complexity
hikvision CWE-200
8.8