CVE-2023-28814

CRITICAL

Hikvision iSecure Center - File Upload

Title source: llm

Description

Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release.

References (1)

Core 1

Core References

Various Sources

https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-03/

Scores

CVSS v3 9.8

EPSS 0.0013

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

Hikvision/iSecure Center V1.0.0 - V1.7.0

Published Oct 17, 2025

Tracked Since Feb 18, 2026