CVE-2023-28810 — MEDIUM (4.3)

Q: How severe is CVE-2023-28810?

CVE-2023-28810 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-28810?

Check the references section above for vendor advisories and patch information. Affected products include: Hikvision Ds-K1T804Af Firmware, Hikvision Ds-K1T804Af, Hikvision Ds-K1T804Amf Firmware, Hikvision Ds-K1T804Amf, Hikvision Ds-K1T341Am Firmware.

Vulnerability Description

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Hikvision	Ds-K1T804Af Firmware	<= 1.4.0_build221212
Hikvision	Ds-K1T804Af	-
Hikvision	Ds-K1T804Amf Firmware	<= 1.4.0_build221212
Hikvision	Ds-K1T804Amf	-
Hikvision	Ds-K1T341Am Firmware	<= 3.2.30_build221223
Hikvision	Ds-K1T341Am	-
Hikvision	Ds-K1T341Amf Firmware	<= 3.2.30_build221223
Hikvision	Ds-K1T341Amf	-
Hikvision	Ds-K1T671M Firmware	<= 3.2.30_build221223
Hikvision	Ds-K1T671M	-
Hikvision	Ds-K1T671Mf Firmware	<= 3.2.30_build221223
Hikvision	Ds-K1T671Mf	-
Hikvision	Ds-K1T671 Firmware	<= 3.2.30_build221223
Hikvision	Ds-K1T671	-
Hikvision	Ds-K1T343Efwx Firmware	<= 3.14.0_build230117
Hikvision	Ds-K1T343Efwx	-
Hikvision	Ds-K1T343Efx Firmware	<= 3.14.0_build230117
Hikvision	Ds-K1T343Efx	-
Hikvision	Ds-K1T343Ewx Firmware	<= 3.14.0_build230117
Hikvision	Ds-K1T343Ewx	-

Related Weaknesses (CWE)

CWE-284

References

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vuVendor Advisory
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vuVendor Advisory

FAQ

What is CVE-2023-28810?

CVE-2023-28810 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets...

How severe is CVE-2023-28810?

CVE-2023-28810 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-28810?

Check the references section above for vendor advisories and patch information. Affected products include: Hikvision Ds-K1T804Af Firmware, Hikvision Ds-K1T804Af, Hikvision Ds-K1T804Amf Firmware, Hikvision Ds-K1T804Amf, Hikvision Ds-K1T341Am Firmware.