CVE-2023-28811

HIGH

Hikvision NVR/DVR - Buffer Overflow

Title source: llm

Description

There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Scores

CVSS v3 7.4
EPSS 0.0004
EPSS Percentile 12.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE CWE-120
Status published
Products (40)
hikvision/ds-7104ni-q1\(c\)_firmware < 4.1.60
hikvision/ds-7104ni-q1\(d\)_firmware < 4.1.60
hikvision/ds-7108ni-q1\(c\)_firmware < 4.1.60
hikvision/ds-7108ni-q1\(d\)_firmware < 4.1.60
hikvision/ds-7604ni-k1\(c\)_firmware < 4.1.60
hikvision/ds-7604ni-k1\/4p\/4g\(c\)_firmware < 4.1.60
hikvision/ds-7604ni-q1\(c\)_firmware < 4.1.60
hikvision/ds-7604ni-q1\/4p\(c\)_firmware < 4.1.60
hikvision/ds-7608ni-k1\/8p\(c\)_firmware < 4.1.60
hikvision/ds-7608ni-k1\/8p\/4g\(c\)_firmware < 4.1.60
... and 30 more
Published Nov 23, 2023
Tracked Since Feb 18, 2026