{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28815", "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "state": "PUBLISHED", "assignerShortName": "hikvision", "dateReserved": "2023-03-23T19:49:08.441Z", "datePublished": "2025-10-17T11:07:26.306Z", "dateUpdated": "2025-10-17T12:10:16.930Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release."}], "affected": [{"vendor": "Hikvision", "product": "iSecure Center", "versions": [{"version": "V1.0.0 - V1.7.0", "status": "affected"}]}], "references": [{"url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-04/"}], "credits": [{"lang": "en", "value": "hsrc", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "providerMetadata": {"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "shortName": "hikvision", "dateUpdated": "2025-10-17T11:07:26.306Z"}, "x_generator": {"engine": "cveClient/1.0.15"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-141", "lang": "en", "description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-17T12:10:12.884691Z", "id": "CVE-2023-28815", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-17T12:10:16.930Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28815", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-17T12:10:12.884691Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-141", "description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-17T12:09:52.020Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "hsrc"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hikvision", "product": "iSecure Center", "versions": [{"status": "affected", "version": "V1.0.0 - V1.7.0"}]}], "references": [{"url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-04/"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release."}], "providerMetadata": {"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "shortName": "hikvision", "dateUpdated": "2025-10-17T11:07:26.306Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28815", "state": "PUBLISHED", "dateUpdated": "2025-10-17T12:10:16.930Z", "dateReserved": "2023-03-23T19:49:08.441Z", "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "datePublished": "2025-10-17T11:07:26.306Z", "assignerShortName": "hikvision"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release."}], "id": "CVE-2023-28815", "lastModified": "2025-10-21T19:31:50.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-10-17T12:15:37.093", "references": [{"source": "[email protected]", "url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-04/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-141"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}