CVE-2023-3836

Name of the Vulnerable Software and Affected Versions Dahua Smart Park Management versions up to 20230713

Description The issue is related to an unrestricted file upload vulnerability in the /emap/devicePoint addImgIco?hasSubsystem=true file, which can be exploited remotely. This vulnerability allows an attacker to execute arbitrary code. The manipulation of the upload argument leads to this unrestricted upload. The exploit has been disclosed to the public and may be used.

Recommendations For versions up to 20230713, as a temporary workaround, consider restricting access to the /emap/devicePoint addImgIco?hasSubsystem=true endpoint to minimize the risk of exploitation. Avoid using the upload argument in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.