CSV Injection Vulnerability Affects HikCentral Master Lite Versions
CVE-2024-47485

5.5MEDIUM

Key Information:

Vendor: Hikvision
Status: Hikcentral Master Lite
Vendor: CVE Published:; 18 October 2024

What is CVE-2024-47485?

A vulnerability exists in certain versions of HikCentral Master Lite, allowing for CSV injection attacks. This flaw enables attackers to craft malicious CSV content that, when executed, can run unintended commands within the affected application. Exploitation could lead to data manipulation and unauthorized system access, posing significant risks to user data integrity and confidentiality. Users are urged to apply the latest security updates and adhere to best practices to mitigate potential threats.

Affected Version(s)

HikCentral Master Lite Versions between V2.0.0 and V2.2.1

References

https://www.hikvision.com/en/support/cybersecurity/securi...

CVSS V4

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2024
Vulnerability Reserved
Sep 25, 2024

Credit

Yousef Alfuhaid

Hikvision

What is CVE-2024-47485?

Affected Version(s)

References

CVSS V4

Timeline

Credit