
        Security Vulnerabilities in Hikvision Web Browser Plug-in LocalServiceComponents

        SN No. HSRC-202311-02

         

        Edit: Hikvision Security Response Center (HSRC)

         

        Initial Release Date: 2023-11-23

         

        Summary

        1. A buffer overflow vulnerability in a web browser plug-in could allow an attacker to send crafted messages to computers that have this plug-in installed, which could lead to arbitrary code execution or cause a process exception in the plug-in.

        2. An attacker could exploit a vulnerability by sending crafted messages to computers that have this plug-in installed in order to modify plug-in parameters, which could cause affected computers to download malicious files.

         

        CVE ID

        CVE-2023-28812

        CVE-2023-28813

         

        Scoring

        CVSS v3.1 is used for scoring these vulnerabilities (http://www.first.org/cvss/specification-document).

        CVE-2023-28812

        Base score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

        CVE-2023-28813

        Base score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

         

        Affected Versions and Fix

        Product Name: LocalServiceComponents

        Affected Versions: version 1.0.0.78 and the versions prior to it

        Resolved Version: 1.0.0.81

         

        Obtaining Fixed Version

        Users can download the patch from the Hikvision official website (http://www.hrbaojie.com/en/support/tools/hitools/cl31f95c645ddb0235/).

         

        Source of vulnerability information

        This vulnerability was reported to HSRC by Team.ENVY (KITRI BoB 12th).

         

        Contact Us

        To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hrbaojie.com.

        Hikvision would like to thank all security researchers for their attention to our products.
