CVE-2023-28811

moderate-risk
Published 2023-11-23

There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Do I need to act?

0.04% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.4/10 High (ADJACENT_NETWORK / LOW complexity)

Affected Products (20)

Nvr-216Mh-C(D) Firmware
Nvr-216Mh-C/16P(D) Firmware
Nvr-208Mh-C/8P(D) Firmware
Nvr-104Mh-C/4P(D) Firmware
Nvr-104Mh-C(D) Firmware
Nvr-108Mh-C(D) Firmware
Nvr-116Mh-C(D) Firmware
Ds-7104Ni-Q1(C) Firmware
Ds-7104Ni-Q1(D) Firmware
Ds-7108Ni-Q1(C) Firmware
Ds-7108Ni-Q1(D) Firmware
Nvr-104Mh-D(C) Firmware
Nvr-104Mh-D(D) Firmware
Nvr-108H-D(C) Firmware
Nvr-108Mh-D(C) Firmware
Nvr-108Mh-D(D) Firmware
Nvr-104Mh-D/4P(C) Firmware
Nvr-108H-D/8P(C) Firmware
Nvr-108H-D/8P(D) Firmware
Nvr-108Mh-D/8P(C) Firmware

Affected Vendors

47 / 100 moderate-risk
Severity 23/34 · High
Exploitability 0/34 · Minimal
Exposure 24/34 · High