Skip to main content

Hikcentral Professional

4 CVEs product

Monthly

CVE-2026-1749 MEDIUM This Month

Unauthenticated attackers can bypass access controls in HikCentral Professional to obtain administrative permissions, enabling unauthorized management and configuration of security infrastructure. The vulnerability requires network access and non-trivial complexity but grants high-impact confidentiality and scope expansion across affected deployments. No public exploit code has been identified, though Hikvision has released a security advisory confirming the issue.

Authentication Bypass Hikcentral Professional
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-47487 HIGH This Week

There is a SQL injection vulnerability in some HikCentral Professional versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Hikcentral Professional
NVD
CVSS 4.0
7.2
EPSS
0.4%
CVE-2024-25064 MEDIUM This Month

Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hikcentral Professional
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-25063 HIGH This Week

Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hikcentral Professional
NVD
CVSS 3.1
7.5
EPSS
0.6%
EPSS 0% CVSS 6.8
MEDIUM This Month

Unauthenticated attackers can bypass access controls in HikCentral Professional to obtain administrative permissions, enabling unauthorized management and configuration of security infrastructure. The vulnerability requires network access and non-trivial complexity but grants high-impact confidentiality and scope expansion across affected deployments. No public exploit code has been identified, though Hikvision has released a security advisory confirming the issue.

Authentication Bypass Hikcentral Professional
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

There is a SQL injection vulnerability in some HikCentral Professional versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Hikcentral Professional
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hikcentral Professional
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hikcentral Professional
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy