CVE-2023-6893

Name of the Vulnerable Software and Affected Versions Hikvision Intercom Broadcasting System versions 3.0.3 20201113 RELEASE(HIK) through 3.0.3 20201113 RELEASE(HIK)

Description A vulnerability was found in the Hikvision Intercom Broadcasting System, affecting some unknown functionality of the file /php/exportrecord.php. The manipulation of the downname argument with a specific input leads to path traversal. The exploit has been disclosed to the public and may be used.

Recommendations For Hikvision Intercom Broadcasting System version 3.0.3 20201113 RELEASE(HIK), upgrade to version 4.1.0 to address this issue. As a temporary workaround, consider restricting access to the /php/exportrecord.php file until the upgrade is applied. Additionally, avoid using the downname argument in the affected file to minimize the risk of exploitation.