918博天堂·(中国区)首页

Security Vulnerabilities in Hikvision Web Browser Plug-in LocalServiceComponents

Security Vulnerabilities in Hikvision Web Browser Plug-in LocalServiceComponents

SN No. HSRC-202311-02

 

Edit: Hikvision Security Response Center (HSRC)

 

Initial Release Date: 2023-11-23

 

Summary

1. A buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in. 

2. An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files. 

 

CVE ID

CVE-2023-28812

CVE-2023-28813

 

Scoring

CVSS v3.1 is adopted in this vulnerability scoring(http://www.first.org/cvss/specification-document)

CVE-2023-28812

Base score:9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVE-2023-28813

Base score:8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H) 

 

Affected Versions and Fix

Product Name

Affected Versions

Resolved Version

LocalServiceComponents

version 1.0.0.78 and the versions prior to it

1.0.0.81

 

Obtaining Fixed Version

Users can download the patch on the Hikvision official website.(http://www.hrbaojie.com/en/support/tools/hitools/cl31f95c645ddb0235/)

 

Source of vulnerability information

This vulnerability is reported to HSRC by Team.ENVY (KITRI BoB 12th).

 

Contact Us

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hrbaojie.com.

Hikvision would like to thank all security researchers for your attention to our products.

문의하기
Hik-Partner Pro close
Hik-Partner Pro
Hik-Partner Pro
Scan and download the app
Download
Hik-Partner Pro
Hik-Partner Pro

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.