CVE-2023-6893
CVSS 3.1 base score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252.
Affected (1)
Products: Hikvision: Intercom Broadcast System
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Hikvision Intercom Broadcast System | From 3.0.3 to 4.1.0 |

| Running on/with | Platform Versions |
|---|---|
| Hikvision Ds Kd Bk | All versions |
| Hikvision Ds Kd Dis | All versions |
| Hikvision Ds Kd E | All versions |
| Hikvision Ds Kd In | All versions |
| Hikvision Ds Kd Info | All versions |
| Hikvision Ds Kd Kk | All versions |
| Hikvision Ds Kd Kk/s | All versions |
| Hikvision Ds Kd Kp | All versions |
| Hikvision Ds Kd Kp/s | All versions |
| Hikvision Ds Kd M | All versions |
| Hikvision Ds Kd3003 E6 | All versions |
| Hikvision Ds Kd8003ime1(b) | All versions |
| Hikvision Ds Kd8003ime1(b)/flush | All versions |
| Hikvision Ds Kd8003ime1(b)/ns | All versions |
| Hikvision Ds Kd8003ime1(b)/s | All versions |
| Hikvision Ds Kd8003ime1(b)/surface | All versions |
| Hikvision Ds Kh6220 Le1 | All versions |
| Hikvision Ds Kh6320 Le1 | All versions |
| Hikvision Ds Kh6320 Tde1 | All versions |
| Hikvision Ds Kh6320 Te1 | All versions |
| Hikvision Ds Kh6320 Wtde1 | All versions |
| Hikvision Ds Kh6320 Wte1 | All versions |
| Hikvision Ds Kh6350 Wte1 | All versions |
| Hikvision Ds Kh6351 Te1 | All versions |
| Hikvision Ds Kh6351 Wte1 | All versions |
| Hikvision Ds Kh63le1(b) | All versions |
| Hikvision Ds Kh8520 Wte1 | All versions |
| Hikvision Ds Kh9310 Wte1(b) | All versions |
| Hikvision Ds Kh9510 Wte1(b) | All versions |
References (6)
Source: cna@vuldb.com
Tags: Exploit, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Exploit, Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Permissions Required, Third Party Advisory