Hsrc

**Name of the Vulnerable Software and Affected Versions** Hikvision iSecure Center versions 1.0.0 through 1.7.0 **Description** The software contains an improper file upload control. Insufficient verification of uploaded files allows attackers to upload malicious files to the server. This could lead to remote code execution. The software is released for the China domestic market only. **Recommendations** Versions 1.0.0 through 1.7.0 should be updated when a fix becomes available.

**Name of the Vulnerable Software and Affected Versions** Hikvision iSecure Center (affected versions not specified) **Description** The software contains insufficient parameter validation, leading to a command injection issue. Attackers may be able to gain platform privileges and execute arbitrary commands on the system. The software is released for China's domestic market only, with no overseas release. The root cause is inadequate parameter validation within the application, allowing malicious actors to craft inputs that are executed as commands on the underlying system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.