Remote Code Execution Vulnerability in Hikvision Web Browser Plug-in
CVE-2023-28813

7.5HIGH

Key Information:

Vendor

Hikvision

Status
LocalServiceComponents
Vendor
CVE Published:
23 November 2023

What is CVE-2023-28813?

A vulnerability in the Hikvision Web Browser Plug-in allows attackers to send specially crafted messages to affected systems. This could lead to unauthorized modifications of plug-in parameters, ultimately permitting attackers to cause the systems to download malicious files. Users of the affected plug-in are advised to apply necessary security measures to mitigate potential exploits.

Affected Version(s)

LocalServiceComponents version 1.0.0.78 and the versions prior to it

References

https://www.hikvision.com/en/support/cybersecurity/securi...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

KITRI BoB 12th
JSON
.
CVE-2023-28813 : Remote Code Execution Vulnerability in Hikvision Web Browser Plug-in