CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2023-28808
https://notcve.org/view.php?id=CVE-2023-28808
11 Apr 2023 — Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. • https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2022-28172
https://notcve.org/view.php?id=CVE-2022-28172
27 Jun 2022 — The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device. El módulo web de algunos productos Hikvision Hybrid SAN/Cluster Storage presenta la siguiente vulnerabilidad de seguridad. Debido a una insuficiente comprobación de entrada, un atacante puede aprovechar la vulnerabilidad para realizar un... • http://packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 16%CPEs: 26EXPL: 4CVE-2022-28171 – Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-28171
27 Jun 2022 — The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. El módulo web de algunos productos Hikvision Hybrid SAN/Cluster Storage presenta la siguiente vulnerabilidad de seguridad. Debido a una insuficiente comprobación de entrada, el atacante puede explotar la vulnerabilidad p... • https://www.exploit-db.com/exploits/51607 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •