CVE-2023-28809— Hikvision Access Control Products 授权问题漏洞

N/A

Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

访问控制不恰当

Hikvision Access Control Products 授权问题漏洞

Hikvision DS-K1T和Hikvision DS-KH都是中国海康威视（Hikvision）公司的一系列门禁系统。 Hikvision Access Control Products存在安全漏洞，该漏洞源于用户登录成功后不会更新会话ID，导致易受到会话劫持攻击。以下产品及版本受到影响：Hikvision DS-K1T,Hikvision DS-KH。

N/A

N/A