CVSS: 7.4EPSS: 0%CPEs: 79EXPL: 0CVE-2023-28811
https://notcve.org/view.php?id=CVE-2023-28811
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. Hay un desbordamiento del búfer en la función de recuperación de contraseña de los modelos NVR/DVR de Hikvision. Si se explota, un atacante en la misma red de área local (LAN) podría provocar un mal funcionamiento del dispositivo al enviar paquetes especialmente manipulados a un dispositivo sin parches. • https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 95%CPEs: 2EXPL: 3CVE-2014-4880 – Hikvision DVR - RTSP Request Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-4880
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header. Desbordamiento de buffer en Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, y otros modelos y versiones, permite a atacantes remotos ejecutar código arbitrario a través de una solicitud RTSP PLAY con una cabecera de autorización larga. • https://www.exploit-db.com/exploits/35356 http://packetstormsecurity.com/files/129187/Hikvision-DVR-RTSP-Request-Remote-Code-Execution.html http://www.exploit-db.com/exploits/35356 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •