Ds K1t671 Firmware
Monthly
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.