CVE-2023-28814

CRITICAL

9.8

Description

Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie10/17/2025

Derniere modification10/21/2025

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-434

References

https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-03/(hsrc@hikvision.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.