Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Hikvision Products
Alerts

Critical Vulnerability in Hikvision Products

14 April 2023

Hikvision has released an update to address a critical vulnerability (CVE-2023-28808) in some Hikvision Hybrid SAN/Cluster Storage products used by organisations to store video security data.

Successful exploitation of the access control vulnerability could allow an attacker to obtain the admin permission to send crafted messages to the affected devices and gain access to the stored video security data.

The vulnerability affects the following product versions:

  • Versions below V2.3.8-8 (including V2.3.8-8): DS-A71024/48/72R, DS-A80624S, DS-A81016S, DS-A72024/72R, DS-A80316S, DS-A82024D.

  • Versions below V1.1.4 (including V1.1.4): DS-A71024/48R-CVS.

Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.

More information is available here:

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/

https://nvd.nist.gov/vuln/detail/CVE-2023-28808

https://vuldb.com/?id.225670

https://www.securityweek.com/critical-vulnerability-in-hikvision-storage-solutions-exposes-video-security-data/

Back to top