CVE-2023-28811
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
23/11/2023
Last modified:
08/12/2023
Description
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:hikvision:nvr-216mh-c\(d\)_firmware:*:*:*:*:*:*:*:* | 4.1.60 (excluding) | |
cpe:2.3:h:hikvision:nvr-216mh-c\(d\):-:*:*:*:*:*:*:* | ||
cpe:2.3:o:hikvision:nvr-216mh-c\/16p\(d\)_firmware:*:*:*:*:*:*:*:* | 4.1.60 (excluding) | |
cpe:2.3:h:hikvision:nvr-216mh-c\/16p\(d\):-:*:*:*:*:*:*:* | ||
cpe:2.3:o:hikvision:nvr-208mh-c\/8p\(d\)_firmware:*:*:*:*:*:*:*:* | 4.1.60 (excluding) | |
cpe:2.3:h:hikvision:nvr-208mh-c\/8p\(d\):-:*:*:*:*:*:*:* | ||
cpe:2.3:o:hikvision:nvr-104mh-c\/4p\(d\)_firmware:*:*:*:*:*:*:*:* | 4.1.60 (excluding) | |
cpe:2.3:h:hikvision:nvr-104mh-c\/4p\(d\):-:*:*:*:*:*:*:* | ||
cpe:2.3:o:hikvision:nvr-104mh-c\(d\)_firmware:*:*:*:*:*:*:*:* | 4.1.60 (excluding) | |
cpe:2.3:h:hikvision:nvr-104mh-c\(d\):-:*:*:*:*:*:*:* | ||
cpe:2.3:o:hikvision:nvr-108mh-c\(d\)_firmware:*:*:*:*:*:*:*:* | 4.1.60 (excluding) | |
cpe:2.3:h:hikvision:nvr-108mh-c\(d\):-:*:*:*:*:*:*:* | ||
cpe:2.3:o:hikvision:nvr-116mh-c\(d\)_firmware:*:*:*:*:*:*:*:* | 4.1.60 (excluding) | |
cpe:2.3:h:hikvision:nvr-116mh-c\(d\):-:*:*:*:*:*:*:* | ||
cpe:2.3:o:hikvision:ds-7104ni-q1\(c\)_firmware:*:*:*:*:*:*:*:* | 4.1.60 (excluding) |
To consult the complete list of CPE names with products and versions, see this page