Sign-up

ID

VAR-201505-0491


TITLE

Hikvision DS-7108HWI-SH XML External Entity Injection Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2015-03416 // BID: 74736 // CNNVD: CNNVD-201505-437

DESCRIPTION

Hikvision DS-7108HWI-SH is a digital video recorder product of China Hikvision. Hikvision DS-7108HWI-SH has an XML external entity injection vulnerability. An attacker could use this vulnerability to obtain potentially sensitive information or cause a denial of service. This may lead to further attacks

Trust: 1.35

sources: CNVD: CNVD-2015-03416 // CNNVD: CNNVD-201505-437 // BID: 74736

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03416

AFFECTED PRODUCTS

vendor:hikvisionmodel:ds-7108hwi-shscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2015-03416

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2015-03416
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2015-03416
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-03416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-437

TYPE

Design Error

Trust: 0.3

sources: BID: 74736

EXTERNAL IDS

db:BIDid:74736

Trust: 1.5

db:CNVDid:CNVD-2015-03416

Trust: 0.6

db:CNNVDid:CNNVD-201505-437

Trust: 0.6

sources: CNVD: CNVD-2015-03416 // BID: 74736 // CNNVD: CNNVD-201505-437

REFERENCES

url:http://www.securityfocus.com/bid/74736

Trust: 1.2

sources: CNVD: CNVD-2015-03416 // CNNVD: CNNVD-201505-437

CREDITS

MustLive

Trust: 0.9

sources: BID: 74736 // CNNVD: CNNVD-201505-437

SOURCES

db:CNVDid:CNVD-2015-03416
db:BIDid:74736
db:CNNVDid:CNNVD-201505-437

LAST UPDATE DATE

2022-05-17T02:05:53.542000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2015-03416date:2015-05-28T00:00:00
db:BIDid:74736date:2015-05-20T00:00:00
db:CNNVDid:CNNVD-201505-437date:2015-05-21T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2015-03416date:2015-05-28T00:00:00
db:BIDid:74736date:2015-05-20T00:00:00
db:CNNVDid:CNNVD-201505-437date:2015-05-21T00:00:00