Sign-up

ID

VAR-202104-2074


TITLE

Any file download vulnerability exists in Hikvision's video and environmental integrated monitoring and management system

Trust: 0.6

sources: CNVD: CNVD-2021-22834

DESCRIPTION

Hikvision is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services. Hikvision's video and environmental integrated monitoring and management system has an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2021-22834

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-22834

AFFECTED PRODUCTS

vendor:hikvision digitalmodel:video and environmental integrated monitoring and management systemscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-22834

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2021-22834
value: LOW

Trust: 0.6

CNVD: CNVD-2021-22834
severity: LOW
baseScore: 2.1
vectorString: AV:N/AC:H/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2021-22834

EXTERNAL IDS

db:CNVDid:CNVD-2021-22834

Trust: 0.6

sources: CNVD: CNVD-2021-22834

SOURCES

db:CNVDid:CNVD-2021-22834

LAST UPDATE DATE

2022-05-04T10:10:36.178000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-22834date:2021-03-26T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-22834date:2021-04-29T00:00:00