Published on 14 Apr 2023 | Updated on 15 Apr 2023
Hikvision has released an update to address a critical vulnerability (CVE-2023-28808) in some Hikvision Hybrid SAN/Cluster Storage products used by organisations to store video security data.
Successful exploitation of the access control vulnerability could allow an attacker to obtain the admin permission to send crafted messages to the affected devices and gain access to the stored video security data.
The vulnerability affects the following product versions:
Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.
More information is available here:
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/