CVE-2023-28815
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-17

Last updated on: 2025-10-21

Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.

Description
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-17
Last Modified
2025-10-21
Generated
2026-05-07
AI Q&A
2025-10-17
EPSS Evaluated
2026-05-05
NVD
CVE-2023-28815
EUVD
EUVD-2023-32450
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
hikvision iac 1.4.0
hikvision ncg 5.15.201
hikvision dfe 1.3.0
hikvision artemis 3.0.0
hikvision lsm 1.4.101
hikvision ncg 5.15.100
hikvision lsm 1.0.100
hikvision dfe 2.2.3
hikvision copas 1.5.0
hikvision iac 1.15.200
hikvision artemis 3.4.0
hikvision copas 2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-141 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Hikvision's iSecure Center and related components is due to insufficient parameter validation in permission acquisition interfaces. It allows attackers to perform command injection, which can lead to unauthorized privilege escalation and execution of arbitrary commands on the affected system. [1]


How can this vulnerability impact me? :

Exploitation of this vulnerability can allow attackers to gain unauthorized platform privileges, potentially leading to full control over the affected system. This can result in unauthorized command execution, compromising system integrity, confidentiality, and availability. [1]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should promptly apply the patches released by Hikvision for the affected components and versions. The affected components include iac, lsm, copas, dfe, artemis, and ncg within specified version ranges. Users can download the patches through Hikvision's official channels. Additionally, for assistance with upgrades or technical support, contact Hikvision's Security Response Center (HSRC) via [email protected] or their support portals. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart