Andres Hinnosaar

**Name of the Vulnerable Software and Affected Versions** Hikvision Access Control (affected versions not specified) **Description** The issue allows attackers to perform a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit this, attackers must request the session ID at the same time as a valid user logs in, and then gain device operation permissions by forging the IP and session ID of an authenticated user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Access control/intercom products (affected versions not specified) **Description** The issue allows attackers to modify device network configuration by sending specific data packets to the vulnerable interface within the same local network. This can be done by exploiting the unauthorized modification of device network configuration vulnerability in access control/intercom products. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.