CVE-2023-6894 - Vulnerability Details

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Hikvision	Ds-kd-bk Ds-kd-dis Ds-kd-e Ds-kd-in Ds-kd-info Ds-kd-kk Ds-kd-kk\/s Ds-kd-kp Ds-kd-kp\/s Ds-kd-m Ds-kd3003-e6 Ds-kd8003ime1\(b\) Ds-kd8003ime1\(b\)\/flush Ds-kd8003ime1\(b\)\/ns Ds-kd8003ime1\(b\)\/s Ds-kd8003ime1\(b\)\/surface Ds-kh6220-le1 Ds-kh6320-le1 Ds-kh6320-tde1 Ds-kh6320-te1 Ds-kh6320-wtde1 Ds-kh6320-wte1 Ds-kh6350-wte1 Ds-kh6351-te1 Ds-kh6351-wte1 Ds-kh63le1\(b\) Ds-kh8520-wte1 Ds-kh9310-wte1\(b\) Ds-kh9510-wte1\(b\) Intercom Broadcast System

Configuration 1 [-]

AND

cpe:2.3:o:hikvision:intercom_broadcast_system:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hikvision:ds-kd-bk:-:::::::*
	cpe:2.3:h:hikvision:ds-kd-dis:-:::::::*
	cpe:2.3:h:hikvision:ds-kd-e:-:::::::*
	cpe:2.3:h:hikvision:ds-kd-in:-:::::::*
	cpe:2.3:h:hikvision:ds-kd-info:-:::::::*
	cpe:2.3:h:hikvision:ds-kd-kk:-:::::::*
	cpe:2.3:h:hikvision:ds-kd-kk\/s:-:::::::*
	cpe:2.3:h:hikvision:ds-kd-kp:-:::::::*
	cpe:2.3:h:hikvision:ds-kd-kp\/s:-:::::::*
	cpe:2.3:h:hikvision:ds-kd-m:-:::::::*
	cpe:2.3:h:hikvision:ds-kd3003-e6:-:::::::*
	cpe:2.3:h:hikvision:ds-kd8003ime1\(b\):-:::::::*
	cpe:2.3:h:hikvision:ds-kd8003ime1\(b\)\/flush:-:::::::*
	cpe:2.3:h:hikvision:ds-kd8003ime1\(b\)\/ns:-:::::::*
	cpe:2.3:h:hikvision:ds-kd8003ime1\(b\)\/s:-:::::::*
	cpe:2.3:h:hikvision:ds-kd8003ime1\(b\)\/surface:-:::::::*
	cpe:2.3:h:hikvision:ds-kh6220-le1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh6320-le1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh6320-tde1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh6320-te1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh6320-wtde1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh6320-wte1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh6350-wte1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh6351-te1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh6351-wte1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh63le1\(b\):-:::::::*
	cpe:2.3:h:hikvision:ds-kh8520-wte1:-:::::::*
	cpe:2.3:h:hikvision:ds-kh9310-wte1\(b\):-:::::::*
	cpe:2.3:h:hikvision:ds-kh9510-wte1\(b\):-:::::::*

No data.

References

Link	Providers
https://github.com/willchen0011/cve/blob/main/unaccess.md
https://vuldb.com/?ctiid.248253
https://vuldb.com/?id.248253

History

Wed, 07 May 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-12-17T07:31:03.712Z

Updated: 2025-05-07T20:41:21.185Z

Reserved: 2023-12-16T15:16:07.046Z

Link: CVE-2023-6894

Vulnrichment

Updated: 2024-08-02T08:42:08.429Z

NVD

Status : Modified

Published: 2023-12-17T08:15:06.833

Modified: 2024-11-21T08:44:46.827

Link: CVE-2023-6894

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object