Vulnerability Details : CVE-2023-28811
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Published: 2023-11-23 07:15:44
Updated: 2023-12-08 18:53:09
Vulnerability category: Overflow
Products affected by CVE-2023-28811
- cpe:2.3:o:hikvision:nvr-216mh-c\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-216mh-c\/16p\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-208mh-c\/8p\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-104mh-c\/4p\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-104mh-c\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-108mh-c\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-116mh-c\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7104ni-q1\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7104ni-q1\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7108ni-q1\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7108ni-q1\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-104mh-d\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-104mh-d\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-108h-d\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-108mh-d\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-108mh-d\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-104mh-d\/4p\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-108h-d\/8p\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-108h-d\/8p\(d\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-108mh-d\/8p\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7604ni-q1\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7604ni-q1\/4p\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7608ni-q1\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7608ni-q1\/8p\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7608ni-q2\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7608ni-q2\/8p\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7616ni-q1\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7616ni-q2\/16p\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7616ni-q2\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7604ni-k1\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7604ni-k1\/4p\/4g\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7608ni-k1\/8p\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7608ni-k1\/8p\/4g\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:ds-7616ni-k1\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-208mh-c\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-104mh-c\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-108mh-c\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-108mh-c\/8p\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:nvr-116mh-c\(c\)_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:hikvision:dvr_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-28811
EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
Percentile: ~21% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-28811
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.4 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H | 2.8 | 4.0 | Hangzhou Hikvision Digital Technology Co., Ltd. | |
6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2023-28811
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-28811
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices/
  Buffer Overflow Vulnerability in Hikvision NVR/DVR Devices - Security Advisory - Hikvision (Patch; Vendor Advisory)