Buffer Overflow Vulnerability in Hikvision Web Browser Plug-in
CVE-2023-28812

9.1CRITICAL

Key Information:

Vendor

Hikvision

Status
Localservicecomponents
Vendor
CVE Published:
23 November 2023

What is CVE-2023-28812?

A buffer overflow vulnerability exists in Hikvision's web browser plug-in, which can be exploited by attackers through specially crafted messages sent to devices installed with the plug-in. Successful exploitation may allow execution of arbitrary code or cause exceptions in the process, potentially compromising the integrity and security of the affected systems.

Affected Version(s)

LocalServiceComponents version 1.0.0.78 and the versions prior to it

References

https://www.hikvision.com/en/support/cybersecurity/securi...

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

KITRI BoB 12th
JSON
.
CVE-2023-28812 : Buffer Overflow Vulnerability in Hikvision Web Browser Plug-in