Hikcentral Professional
Monthly
Unauthenticated attackers can bypass access controls in HikCentral Professional to obtain administrative permissions, enabling unauthorized management and configuration of security infrastructure. The vulnerability requires network access and non-trivial complexity but grants high-impact confidentiality and scope expansion across affected deployments. No public exploit code has been identified, though Hikvision has released a security advisory confirming the issue.
There is a SQL injection vulnerability in some HikCentral Professional versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unauthenticated attackers can bypass access controls in HikCentral Professional to obtain administrative permissions, enabling unauthorized management and configuration of security infrastructure. The vulnerability requires network access and non-trivial complexity but grants high-impact confidentiality and scope expansion across affected deployments. No public exploit code has been identified, though Hikvision has released a security advisory confirming the issue.
There is a SQL injection vulnerability in some HikCentral Professional versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.