Sign-up

ID

VAR-202108-2478


TITLE

An arbitrary file download vulnerability exists in the network gateway of Hangzhou Hikvision Digital Technology Co., Ltd.

Trust: 0.6

sources: CNVD: CNVD-2021-51853

DESCRIPTION

Hangzhou Hikvision Digital Technology Co., Ltd. is a video-centric IoT solution provider, providing comprehensive security, smart business and big data services. The network gateway of Hangzhou Hikvision Digital Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use the vulnerability to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2021-51853

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-51853

AFFECTED PRODUCTS

vendor:hikvision digitalmodel:networking gatewayscope:eqversion:v2.3.6

Trust: 0.6

vendor:hikvision digitalmodel:networking gatewayscope:eqversion:v3.0

Trust: 0.6

sources: CNVD: CNVD-2021-51853

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2021-51853
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2021-51853
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2021-51853

EXTERNAL IDS

db:CNVDid:CNVD-2021-51853

Trust: 0.6

sources: CNVD: CNVD-2021-51853

SOURCES

db:CNVDid:CNVD-2021-51853

LAST UPDATE DATE

2022-05-04T09:45:54.861000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-51853date:2021-08-05T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-51853date:2021-08-19T00:00:00