Hikvision Vulnerabilities

39 results
CVE-2023-6895 [MEDIUM] Hikvision Intercom Broadcasting System ping.php os command injection (EPSS 89.1%)
CVE-2023-6893 [MEDIUM] Hikvision Intercom Broadcasting System exportrecord.php path traversal (EPSS 70.2%)
CVE-2022-28171 [HIGH] The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient inpu (EPSS 39.3%)
CVE-2025-34067 [CRITICAL] Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson (EPSS 18.7%)
CVE-2024-58274 [HIGH] Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in / (EPSS 17.5%)
CVE-2023-28810 [MEDIUM] Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify d (EPSS 10.4%)
CVE-2018-6414 A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to aff (EPSS 2.5%)
CVE-2018-6413 There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote atta (EPSS 1.7%)
CVE-2023-28815 [CRITICAL] Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerabilit (EPSS 1.5%)
CVE-2024-29949 [HIGH] There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to exec (EPSS 1.3%)
CVE-2023-53691 [HIGH] Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files direc (EPSS 1.2%)
CVE-2025-39240 [HIGH] Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attacker (EPSS 1.1%)
CVE-2023-6894 [MEDIUM] Hikvision Intercom Broadcasting System Log File system.html information disclosure (EPSS 1.0%)
CVE-2023-28812 [CRITICAL] There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted me (EPSS 1.0%)
CVE-2026-3828 [HIGH] Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficie (EPSS 0.8%)
CVE-2023-28808 [CRITICAL] Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. Th (EPSS 0.8%)
CVE-2026-0709 [HIGH] Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with (EPSS 0.8%)
CVE-2022-28172 [MEDIUM] The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient inpu (EPSS 0.7%)
CVE-2023-28809 [HIGH] Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user su (EPSS 0.6%)
CVE-2023-28813 [HIGH] An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, (EPSS 0.6%)