CVE-2023-53691
8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Summary
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hikvision | CSMP iSecure Center | 0 <= 2023-06-25 | affected |
Weaknesses
- CWE-24: CWE-24 Path Traversal: '../filedir'
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.