CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-28812

CVSS 9.1v3.1pub. 2023-11-23upd. 2024-11-21

There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Hikvision Localservicecomponents

    APP
    Hikvision
    ≤ 1.0.0.78
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2023-28813HIGH8.1ten sam produkt

An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in...

CVE-2021-36260CRITICAL9.8⚠ KEVten sam vendor

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input v...

CVE-2017-7921CRITICAL9.8⚠ KEVten sam vendor

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4....

CVE-2023-28808CRITICAL9.1ten sam vendor

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to o...

CVE-2022-28173CRITICAL9.1ten sam vendor

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be us...