CVSS: 7.4EPSS: 0%CPEs: 79EXPL: 0CVE-2023-28811
https://notcve.org/view.php?id=CVE-2023-28811
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. Hay un desbordamiento del búfer en la función de recuperación de contraseña de los modelos NVR/DVR de Hikvision. Si se explota, un atacante en la misma red de área local (LAN) podría provocar un mal funcionamiento del dispositivo al enviar paquetes especialmente manipulados a un dispositivo sin parches. • https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 97%CPEs: 610EXPL: 10CVE-2021-36260 – Hikvision Improper Input Validation
https://notcve.org/view.php?id=CVE-2021-36260
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. Una vulnerabilidad de inyección de comandos en el servidor web de algunos productos de Hikvision. Debido a una comprobación de entrada insuficiente, un atacante puede explotar la vulnerabilidad para lanzar un ataque de inyección de comandos mediante el envío de algunos mensajes con comandos maliciosos Hikvision Web Server Build 210702 suffers from a command injection vulnerability. A command injection vulnerability in the web server of some Hikvision product. • https://www.exploit-db.com/exploits/50441 https://github.com/Aiminsun/CVE-2021-36260 https://github.com/Cuerz/CVE-2021-36260 https://github.com/rabbitsafe/CVE-2021-36260 https://github.com/TaroballzChen/CVE-2021-36260-metasploit https://github.com/TakenoSite/Simple-CVE-2021-36260 https://github.com/haingn/HIK-CVE-2021-36260-Exploit http://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html http://packetstormsecurity.com/files/166167/Hikvision-IP-Camera • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •