Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28809 | 1 Hikvision | 52 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 49 more | 2023-12-10 | N/A | 7.5 HIGH |
| Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user. | |||||
| CVE-2023-28810 | 1 Hikvision | 74 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 71 more | 2023-12-10 | N/A | 4.3 MEDIUM |
| Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network. | |||||