Buffer Overflow Vulnerability in Hikvision Web Browser Plug-in
CVE-2023-28812

9.1CRITICAL

Key Information:

Vendor: Hikvision
Status: Localservicecomponents
Vendor: CVE Published:; 23 November 2023

What is CVE-2023-28812?

A buffer overflow vulnerability exists in Hikvision's web browser plug-in, which can be exploited by attackers through specially crafted messages sent to devices installed with the plug-in. Successful exploitation may allow execution of arbitrary code or cause exceptions in the process, potentially compromising the integrity and security of the affected systems.

Affected Version(s)

LocalServiceComponents version 1.0.0.78 and the versions prior to it

References

https://www.hikvision.com/en/support/cybersecurity/securi...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2023
Vulnerability Reserved
Mar 23, 2023

Credit

KITRI BoB 12th