{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28814", "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "state": "PUBLISHED", "assignerShortName": "hikvision", "dateReserved": "2023-03-23T19:49:08.440Z", "datePublished": "2025-10-17T11:07:06.801Z", "dateUpdated": "2025-10-17T13:04:24.853Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release."}], "affected": [{"vendor": "Hikvision", "product": "iSecure Center", "versions": [{"version": "V1.0.0 - V1.7.0", "status": "affected"}]}], "references": [{"url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-03/"}], "credits": [{"lang": "en", "value": "hsrc", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "providerMetadata": {"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "shortName": "hikvision", "dateUpdated": "2025-10-17T11:07:06.801Z"}, "x_generator": {"engine": "cveClient/1.0.15"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-17T13:04:13.622732Z", "id": "CVE-2023-28814", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-17T13:04:24.853Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28814", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-17T13:04:13.622732Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-17T13:04:02.768Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "hsrc"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hikvision", "product": "iSecure Center", "versions": [{"status": "affected", "version": "V1.0.0 - V1.7.0"}]}], "references": [{"url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-03/"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release."}], "providerMetadata": {"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "shortName": "hikvision", "dateUpdated": "2025-10-17T11:07:06.801Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28814", "state": "PUBLISHED", "dateUpdated": "2025-10-17T13:04:24.853Z", "dateReserved": "2023-03-23T19:49:08.440Z", "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32", "datePublished": "2025-10-17T11:07:06.801Z", "assignerShortName": "hikvision"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release."}], "id": "CVE-2023-28814", "lastModified": "2025-10-17T13:15:43.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "hsrc@hikvision.com", "type": "Secondary"}]}, "published": "2025-10-17T11:15:33.647", "references": [{"source": "hsrc@hikvision.com", "url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-03/"}], "sourceIdentifier": "hsrc@hikvision.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}