CVE-2023-48121

Name of the Vulnerable Software and Affected Versions Ezviz CS-C6N-xxx versions prior to v5.3.x build 20230401 Ezviz CS-CV310-xxx versions prior to v5.3.x build 20230401 Ezviz CS-C6CN-xxx versions prior to v5.3.x build 20230401 Ezviz CS-C3N-xxx versions prior to v5.3.x build 20230401 Hikvision products (affected versions not specified)

Description An authentication bypass vulnerability in the Direct Connection Module or Hik-Connect Module allows remote attackers to obtain sensitive information or consume services by sending crafted messages to the affected devices.

Recommendations For Ezviz CS-C6N-xxx versions prior to v5.3.x build 20230401, update to v5.3.x build 20230401 or later. For Ezviz CS-CV310-xxx versions prior to v5.3.x build 20230401, update to v5.3.x build 20230401 or later. For Ezviz CS-C6CN-xxx versions prior to v5.3.x build 20230401, update to v5.3.x build 20230401 or later. For Ezviz CS-C3N-xxx versions prior to v5.3.x build 20230401, update to v5.3.x build 20230401 or later. For Hikvision products, at the moment, there is no information about a newer version that contains a fix for this vulnerability.