Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-6893

Опубликовано: 17 дек. 2023
Источник: nvd
CVSS3: 4.3
CVSS3: 7.5
CVSS2: 3.3
EPSS Высокий

Описание

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248252.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:hikvision:intercom_broadcast_system:*:*:*:*:*:*:*:*
Версия от 3.0.3 (включая) до 4.1.0 (исключая)

Одно из

cpe:2.3:h:hikvision:ds-kd-bk:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd-dis:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd-e:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd-in:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd-info:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd-kk:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd-kk\/s:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd-kp:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd-kp\/s:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd-m:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd3003-e6:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd8003ime1\(b\):-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd8003ime1\(b\)\/flush:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd8003ime1\(b\)\/ns:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd8003ime1\(b\)\/s:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kd8003ime1\(b\)\/surface:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh6220-le1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh6320-le1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh6320-tde1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh6320-te1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh6320-wtde1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh6320-wte1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh6350-wte1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh6351-te1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh6351-wte1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh63le1\(b\):-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh8520-wte1:-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh9310-wte1\(b\):-:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-kh9510-wte1\(b\):-:*:*:*:*:*:*:*

EPSS

Процентиль: 99%
0.88406
Высокий

4.3 Medium

CVSS3

7.5 High

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-pr55-vvc6-cqfh

CVSS3: 4.3
github
около 2 лет назад

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The manipulation of the argument downname with the input C:\ICPAS\Wnmp\WWW\php\conversion.php leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 99%
0.88406
Высокий

4.3 Medium

CVSS3

7.5 High

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-22