Vulnerabilities > Hikvision > Medium

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2024-10-18 | CVE-2024-47486 | Cross-site Scripting vulnerability in Hikvision Hikcentral Master | There is an XSS vulnerability in some HikCentral Master Lite versions. | network, low complexity, hikvision, CWE-79, 6.1 |
| 2024-03-02 | CVE-2024-25064 | Unspecified vulnerability in Hikvision Hikcentral Professional 2.0.0 | Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. | network, low complexity, hikvision, 4.3 |
| 2023-12-17 | CVE-2023-6894 | Unspecified vulnerability in Hikvision Intercom Broadcast System | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). | network, low complexity, hikvision, 6.5 |
| 2023-11-23 | CVE-2023-28811 | Classic Buffer Overflow vulnerability in Hikvision products | There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. | low complexity, hikvision, CWE-120, 6.5 |
| 2023-06-15 | CVE-2023-28810 | Unspecified vulnerability in Hikvision products | Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. | low complexity, hikvision, 4.3 |
| 2022-06-27 | CVE-2022-28172 | Cross-site Scripting vulnerability in Hikvision products | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. | network, low complexity, hikvision, CWE-79, 6.1 |
| 2020-01-14 | CVE-2020-7057 | Improper Restriction of Excessive Authentication Attempts vulnerability in Hikvision Ds-7204Hghi-F1 Firmware 4.0.1 | Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. | network, low complexity, hikvision, CWE-307, 5.3 |
| 2017-12-01 | CVE-2017-14953 | Missing Encryption of Sensitive Data vulnerability in Hikvision Ds-2Cd2432F-Iw Firmware 5.3.0/5.4.0 | HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. | low complexity, hikvision, CWE-311, 6.5 |
| 2017-03-13 | CVE-2015-4409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. | network, low complexity, hikvision, CWE-119, 6.5 |
| 2017-03-13 | CVE-2015-4408 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue. | network, low complexity, hikvision, CWE-119, 6.5 |