PT-2023-32805 · Hikvision · Hikvision Intercom Broadcasting System
Willchen · Published 2023-12-17 · Updated 2026-04-02 · CVE-2023-6895
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Hikvision Intercom Broadcasting System versions 3.0.3 20201113 RELEASE(HIK)
Description
A critical issue exists in Hikvision Intercom Broadcasting System. The issue affects unknown code within the /php/ping.php file. Manipulating the jsondata[ip] parameter with the input netstat -ano results in operating system command injection. The exploit for this issue is publicly available.
Recommendations
Upgrade to version 4.1.0 to address this issue.
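Until the upgrade is in place, requests to the endpoint named in the description can be reviewed for values that are not a plausible ping target. The following is an added example, not code from the vendor or from this advisory; it assumes a log source (for instance a reverse proxy) that records the request path and form body, and that a legitimate jsondata[ip] value is only an IP literal or a hostname. The function names and sample records are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl

PING_PATH = "/php/ping.php"   # endpoint named in the advisory
PARAM = "jsondata[ip]"        # parameter named in the advisory

# Assumption: a ping target is only ever an IP literal or an RFC 1123 hostname.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_valid_target(value):
    """True if value is an IPv4/IPv6 literal or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return len(value) <= 253 and _HOSTNAME.fullmatch(value) is not None


def review_request(path, body):
    """Classify one logged request as 'ignore', 'ok' or 'suspicious'."""
    target, _, query = path.partition("?")
    if target != PING_PATH:
        return ("ignore", [])
    # parse_qsl percent-decodes keys and values, so encoded brackets still match.
    values = [v for source in (query, body)
              for k, v in parse_qsl(source, keep_blank_values=True)
              if k == PARAM]
    bad = [v for v in values if not is_valid_target(v)]
    return ("suspicious", bad) if bad else ("ok", values)


# Constructed sample records (path, form body); not taken from real traffic.
SAMPLE = [
    ("/php/ping.php", "jsondata%5Bip%5D=192.0.2.10"),
    ("/php/ping.php", "jsondata%5Bip%5D=netstat+-ano"),  # input quoted in the advisory
    ("/index.php", "q=1"),
]


def scan(records):
    return [review_request(path, body) for path, body in records]


if __name__ == "__main__":
    for record, result in zip(SAMPLE, scan(SAMPLE)):
        print(record, "->", result)
```

The same allow-list check can be applied as a blocking rule in front of the device; a value flagged here is a reason to inspect the host, not proof of compromise.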
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Hikvision Intercom Broadcasting System