CVE-2023-28810

MEDIUM

Access Control/Intercom < - Info Disclosure

Title source: llm

Description

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.

Exploits (1)

nomisec WORKING POC

by skylightcyber · poc

https://github.com/skylightcyber/CVE-2023-28810

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/

Scores

CVSS v3 4.3

EPSS 0.0048

EPSS Percentile 65.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (37)

hikvision/ds-k1t320efwx_firmware < 3.5.0_build220706

hikvision/ds-k1t320efx_firmware < 3.5.0_build220706

hikvision/ds-k1t320ewx_firmware < 3.5.0_build220706

hikvision/ds-k1t320ex_firmware < 3.5.0_build220706

hikvision/ds-k1t320mfwx_firmware < 3.5.0_build220706

hikvision/ds-k1t320mfx_firmware < 3.5.0_build220706

hikvision/ds-k1t320mwx_firmware < 3.5.0_build220706

hikvision/ds-k1t320mx_firmware < 3.5.0_build220706

hikvision/ds-k1t341am_firmware < 3.2.30_build221223

hikvision/ds-k1t341amf_firmware < 3.2.30_build221223

... and 27 more

Published Jun 15, 2023

Tracked Since Feb 18, 2026