CVE-2023-28815
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-17

Last updated on: 2025-10-21

Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.

Description
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-17
Last Modified
2025-10-21
Generated
2026-06-16
AI Q&A
2025-10-17
EPSS Evaluated
2026-06-15
NVD
CVE-2023-28815
EUVD
EUVD-2023-32450
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
hikvision iac 1.4.0
hikvision ncg 5.15.201
hikvision dfe 1.3.0
hikvision artemis 3.0.0
hikvision lsm 1.4.101
hikvision ncg 5.15.100
hikvision lsm 1.0.100
hikvision dfe 2.2.3
hikvision copas 1.5.0
hikvision iac 1.15.200
hikvision artemis 3.4.0
hikvision copas 2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-141 The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Hikvision's iSecure Center and related components is due to insufficient parameter validation in permission acquisition interfaces. It allows attackers to perform command injection, which can lead to unauthorized privilege escalation and execution of arbitrary commands on the affected system. [1]

Impact Analysis

Exploitation of this vulnerability can allow attackers to gain unauthorized platform privileges, potentially leading to full control over the affected system. This can result in unauthorized command execution, compromising system integrity, confidentiality, and availability. [1]

Mitigation Strategies

To mitigate this vulnerability, you should promptly apply the patches released by Hikvision for the affected components and versions. The affected components include iac, lsm, copas, dfe, artemis, and ncg within specified version ranges. Users can download the patches through Hikvision's official channels. Additionally, for assistance with upgrades or technical support, contact Hikvision's Security Response Center (HSRC) via [email protected] or their support portals. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-28815. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart