Michael Dubell

**Name of the Vulnerable Software and Affected Versions** HikCentral Professional (affected versions not specified) **Description** The issue is related to insufficient server-side validation, which could allow an attacker to gain access to certain URLs that they should not have access to. This is a problem of inadequate access control. The platform, HikCentral Professional, has more than 5 million connected devices. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HikCentral Professional (affected versions not specified) **Description** The issue is related to insufficient server-side validation, allowing an attacker with login privileges to access certain resources by changing parameter values. This could potentially lead to a privilege escalation, enabling a remote attacker to gain higher privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.