PT-2023-32805 · Hikvision · Hikvision Intercom Broadcasting System

Willchen · Published 2023-12-17 · Updated 2026-04-02 · CVE-2023-6895

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Hikvision Intercom Broadcasting System versions 3.0.3 20201113 RELEASE(HIK)

Description: A critical issue exists in Hikvision Intercom Broadcasting System. The issue affects unknown code within the /php/ping.php file. Manipulating the jsondata[ip] parameter with the input netstat -ano results in operating system command injection. The exploit for this issue is publicly available.

Recommendations: Upgrade to version 4.1.0 to address this issue.
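
A detection check for the parameter described above, added here as an example and not taken from the vendor or from this entry's sources: it flags requests to /php/ping.php whose jsondata[ip] value is anything other than a bare IP literal. It assumes the parameter arrives URL- or form-encoded and that request bodies are available to the scanner; the record layout and sample addresses are constructed.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/php/ping.php"   # endpoint named in the entry
TARGET_PARAM = "jsondata[ip]"   # parameter named in the entry


def is_plain_ip(value: str) -> bool:
    """True only for a bare IPv4/IPv6 literal with nothing around it."""
    # ipaddress accepts IPv6 zone ids ("fe80::1%anything") without checking
    # their characters, so refuse '%' outright before parsing.
    if "%" in value:
        return False
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def suspicious_values(path: str, body: str) -> list:
    """TARGET_PARAM values (query string or form body) that are not plain IPs."""
    parts = urlsplit(path)
    if parts.path.lower() != TARGET_PATH:
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, vals in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(vals)
    return [v for v in params.get(TARGET_PARAM, []) if not is_plain_ip(v)]


def scan(records):
    """records: iterable of (source, path, body); yields (source, value) alerts."""
    for source, path, body in records:
        for value in suspicious_values(path, body):
            yield source, value


# Constructed sample records: (source address, request path, form-encoded body).
# The only non-IP value is the input quoted in the description above.
SAMPLE = [
    ("198.51.100.7", "/php/ping.php", "jsondata%5Bip%5D=192.0.2.10"),
    ("203.0.113.9", "/php/ping.php", "jsondata%5Bip%5D=netstat+-ano"),
    ("198.51.100.7", "/php/login.php", "user=admin"),
]

if __name__ == "__main__":
    for source, value in scan(SAMPLE):
        print(f"ALERT {source} sent non-IP {TARGET_PARAM}={value!r} to {TARGET_PATH}")
```

The same is_plain_ip test works as a server-side allow-list in front of any ping wrapper on systems that cannot yet be upgraded to 4.1.0.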

Exploit

Fix

OS Command Injection


Weakness Enumeration

Related identifiers

CVE-2023-6895

Affected products

Hikvision Intercom Broadcasting System