PT-2026-29867 · Unknown · Hisecos Web Server

Published

2026-04-02

Updated

2026-04-03

CVE-2023-7342

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HiSecOS web server versions 03.4.00 through 04.0.99

Description HiSecOS web server versions 03.4.00 through 04.0.99 contain a privilege escalation flaw. Authenticated users with operator or auditor roles can escalate their privileges to the administrator role by sending specially crafted packets to the web server. Successful exploitation allows attackers to gain full administrative access to the affected device.

Recommendations Update HiSecOS web server to version 04.1.00 or later.

Fix

LPE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2023-7342

Affected Products

Hisecos Web Server

PT-2026-29867 · Unknown · Hisecos Web Server

CVE-2023-7342

Weakness Enumeration

Related Identifiers

Affected Products

References · 5