Critical Vulnerability in Hikvision Products

Published on 14 Apr 2023 | Updated on 15 Apr 2023

Hikvision has released an update to address a critical vulnerability (CVE-2023-28808) in some Hikvision Hybrid SAN/Cluster Storage products used by organisations to store video security data.

Successful exploitation of this access control vulnerability could allow an attacker to obtain admin permission to send crafted messages to the affected devices and gain access to the stored video security data.

The vulnerability affects the following product versions:

  • Version V2.3.8-8 and earlier: DS-A71024/48/72R, DS-A80624S, DS-A81016S, DS-A72024/72R, DS-A80316S, DS-A82024D.
  • Version V1.1.4 and earlier: DS-A71024/48R-CVS.

Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.

More information is available here:

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-cluster-stor/

https://nvd.nist.gov/vuln/detail/CVE-2023-28808

https://vuldb.com/?id.225670

https://www.securityweek.com/critical-vulnerability-in-hikvision-storage-solutions-exposes-video-security-data/