CVE-2023-28815

CRITICAL

9.8

Description

Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie10/17/2025

Derniere modification10/21/2025

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-141

References

https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-04/(hsrc@hikvision.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.