Sign-up

ID

VAR-202104-2077


TITLE

Hikvision's video and environmental integrated monitoring and management system has arbitrary password reset vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2021-25933

DESCRIPTION

Hikvision is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services. Hikvision's video and environmental integrated monitoring and management system has an arbitrary password reset vulnerability, which can be exploited by attackers to affect the integrity of the system.

Trust: 0.6

sources: CNVD: CNVD-2021-25933

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-25933

AFFECTED PRODUCTS

vendor:hikvision digitalmodel:video and environment integrated monitoring management system v2.1.0 66808 build150831 bscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2021-25933

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2021-25933
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2021-25933
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2021-25933

EXTERNAL IDS

db:CNVDid:CNVD-2021-25933

Trust: 0.6

sources: CNVD: CNVD-2021-25933

SOURCES

db:CNVDid:CNVD-2021-25933

LAST UPDATE DATE

2022-05-04T10:03:10.449000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-25933date:2021-04-08T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-25933date:2021-04-29T00:00:00