CVE-2023-28814

Published: Oct 17, 2025Modified: Oct 21, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: hsrc@hikvision.com (Secondary)

Description

Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release.

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-03/

Source: hsrc@hikvision.com

Timeline

No history available yet.