The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NHikvision Ds 3wf01c 2n\/o
HWHikvisionwszystkie wersjeHikvision Ds 3wf01c 2n\/o Firmware
OSHikvision< 1.0.4Hikvision Ds 3wf0ac 2nt
HWHikvisionwszystkie wersjeHikvision Ds 3wf0ac 2nt Firmware
OSHikvision< 1.1.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2021-36260CRITICAL9.8⚠ KEVten sam vendor
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input v...
CVE-2017-7921CRITICAL9.8⚠ KEVten sam vendor
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4....
CVE-2023-28812CRITICAL9.1PL ✓ten sam vendor
Buffer overflow w wtyczce przeglądarki Hikvision LocalServiceComponents
CVE-2023-28808CRITICAL9.1ten sam vendor
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to o...
CVE-2013-4976CRITICAL9.8ten sam vendor
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials