CVE-2023-28810

Summary

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.

Affected Software

VendorProductVersion RangeStatus
hikvisionDS-K1T804AXXV1.4.0_build221212 < V1.4.0_build221212affected
hikvisionDS-K1T341AXXV3.2.30_build221223 < V3.2.30_build221223affected
hikvisionDS-K1T671XXXV3.2.30_build221223 < V3.2.30_build221223affected
hikvisionDS-K1T343XXXV3.14.0_build230117 < V3.14.0_build230117affected
hikvisionDS-K1T341CV3.3.8_build230112 < V3.3.8_build230112affected
hikvisionDS-K1T320XXXV3.5.0_build220706 < V3.5.0_build220706affected
hikvisionDS-KH63 Series,DS-KH85 SeriesV2.2.8_build230219 < V2.2.8_build230219affected
hikvisionDS-KH9310-WTE1(B),DS-KH9510-WTE1(B)V2.1.76_build230204 < V2.1.76_build230204affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References