CVE-2023-28814
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-17
Last updated on: 2025-10-21
Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.
Description
Description
Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hikvision | ivms-8700 | 2.9.2 |
| hikvision | secure_center | 1.0.0 |
| hikvision | ivms-8700 | 2.0.0 |
| hikvision | secure_center | 1.7.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in some versions of Hikvision's iSecure Center Product, where there is improper file upload control. Because the software does not properly verify files being uploaded, attackers can upload malicious files to the server.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can upload malicious files to the server, potentially leading to full compromise of the system, including unauthorized access, data theft, or disruption of services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70