CVE-2023-6894: Hikvision Intercom Broadcasting System Log File system.html information disclosure
First published: Sun Dec 17 2023(Updated: )
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Log File Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-248253 was assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Hikvision Intercom Broadcast System | >=3.0.3<4.1.0 | |
| Any of | ||
| Hikvision DS-KD-BK | ||
| Hikvision DS-KD-DIS | ||
| Hikvision DS-KD-E | ||
| Hikvision DS-KD-IN | ||
| Hikvision DS-KD-INFO | ||
| Hikvision DS-KD-KK | ||
| Hikvision DS-KD-KK/S | ||
| Hikvision DS-KD-KP | ||
| Hikvision DS-KD-KP/S | ||
| Hikvision DS-KD-M | ||
| Hikvision DS-KD3003-E6 | ||
| Hikvision DS-KD8003IME1(B) | ||
| Hikvision DS-KD8003IME1(B) | ||
| Hikvision DS-KD8003IME1(B)/NS | ||
| Hikvision DS-KD8003IME1(B)/S | ||
| Hikvision DS-KD8003IME1(B)/SURFACE | ||
| Hikvision DS-KH6220-LE1 Firmware | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6320 | ||
| Hikvision DS-KH6350-WTE1 Firmware | ||
| Hikvision DS-KH6351-TE1 Firmware | ||
| Hikvision DS-KH6351-TE1 | ||
| Hikvision DS-KH63LE1(B) | ||
| Hikvision DS-KH8520-WTE1 | ||
| Hikvision DS-KH9310-WTE1(B) | ||
| Hikvision DS-KH9510-WTE1(B) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6894?
CVE-2023-6894 is classified as problematic, indicating a moderate severity level.
How do I fix CVE-2023-6894?
To fix CVE-2023-6894, update the Hikvision Intercom Broadcasting System to version 4.1.0 or later.
What does CVE-2023-6894 affect?
CVE-2023-6894 affects the Log File Handler component within the file access/html/system.html.
What type of vulnerability is CVE-2023-6894?
CVE-2023-6894 is an information disclosure vulnerability.
Who is affected by CVE-2023-6894?
Users of Hikvision Intercom Broadcasting System versions 3.0.3 up to 4.1.0 are affected by CVE-2023-6894.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/title
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/hikvision
- canonical/hikvision intercom broadcast system
- version/hikvision intercom broadcast system/3.0.3
- canonical/hikvision ds-kd-bk
- canonical/hikvision ds-kd-dis
- canonical/hikvision ds-kd-e
- canonical/hikvision ds-kd-in
- canonical/hikvision ds-kd-info
- canonical/hikvision ds-kd-kk
- canonical/hikvision ds-kd-kk/s
- canonical/hikvision ds-kd-kp
- canonical/hikvision ds-kd-kp/s
- canonical/hikvision ds-kd-m
- canonical/hikvision ds-kd3003-e6
- canonical/hikvision ds-kd8003ime1(b)
- canonical/hikvision ds-kd8003ime1(b)/ns
- canonical/hikvision ds-kd8003ime1(b)/s
- canonical/hikvision ds-kd8003ime1(b)/surface
- canonical/hikvision ds-kh6220-le1 firmware
- canonical/hikvision ds-kh6320
- canonical/hikvision ds-kh6350-wte1 firmware
- canonical/hikvision ds-kh6351-te1 firmware
- canonical/hikvision ds-kh6351-te1
- canonical/hikvision ds-kh63le1(b)
- canonical/hikvision ds-kh8520-wte1
- canonical/hikvision ds-kh9310-wte1(b)
- canonical/hikvision ds-kh9510-wte1(b)