CVE-2023-28811

Q: What is the severity of CVE-2023-28811?

CVE-2023-28811 has a CVSS score of 7.4 (HIGH). A buffer overflow vulnerability exists in the password recovery feature of Hikvision NVR/DVR devices. Attackers on the same local network can send specially crafted packets to cause device malfunction. This affects Hikvision NVR/DVR models with unpatched firmware.

7.4 HIGH

Denial of Service Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability exists in the password recovery feature of Hikvision NVR/DVR devices. Attackers on the same local network can send specially crafted packets to cause device malfunction. This affects Hikvision NVR/DVR models with unpatched firmware.

💻 Affected Systems

Products:

Hikvision NVR devices
Hikvision DVR devices

Versions: Specific firmware versions not detailed in advisory; all unpatched versions are vulnerable

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with password recovery feature enabled (typically default). Exact model list not specified in advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device crash or denial of service, potentially requiring physical reset or replacement.

🟠

Likely Case

Device becomes unresponsive or reboots, disrupting surveillance operations.

🟢

If Mitigated

No impact if device is patched or isolated from internal threats.

🌐 Internet-Facing: LOW (requires LAN access, not directly exploitable from internet)

🏢 Internal Only: HIGH (exploitable by any attacker on the same local network)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires LAN access and knowledge of device IP. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware versions released after March 2023 (check vendor advisory for exact versions)

Vendor Advisory: https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices/

Restart Required: Yes

Instructions:

1. Visit Hikvision security advisory. 2. Download latest firmware for your device model. 3. Upload firmware via web interface. 4. Reboot device after installation.

🔧 Temporary Workarounds

Disable password recovery feature

all

Turn off password recovery functionality if not needed

Network segmentation

all

Isolate surveillance devices on separate VLAN

🧯 If You Can't Patch

Segment devices on isolated network VLAN
Implement strict firewall rules to limit device communication to authorized hosts only

🔍 How to Verify

Check if Vulnerable:

Check firmware version against vendor advisory; if pre-March 2023 and unpatched, assume vulnerable

Check Version:

Check via device web interface: System > Maintenance > Version Information

Verify Fix Applied:

Verify firmware version matches patched version in vendor advisory

📡 Detection & Monitoring

Log Indicators:

Unexpected device reboots
Password recovery attempt logs
System crash logs

Network Indicators:

Unusual UDP/TCP packets to device port 8000 (default Hikvision port)
Multiple connection attempts from single internal IP

SIEM Query:

source_ip INTERNAL AND dest_port 8000 AND protocol UDP AND packet_size > normal_threshold

📊 Metadata

CVE ID: CVE-2023-28811

CVSS v3 Score: 7.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE: CWE-120

Published: November 23, 2023

Last Updated: November 21, 2024

🔗 References

https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices/ Patch,Vendor Advisory
https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerability-in-hikvision-nvr-dvr-devices/ Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ds 7104ni Q1\(c\) Firmware by Hikvision

Ds 7104ni Q1\(d\) Firmware by Hikvision

Ds 7108ni Q1\(c\) Firmware by Hikvision

Ds 7108ni Q1\(d\) Firmware by Hikvision

Ds 7604ni K1\(c\) Firmware by Hikvision

Ds 7604ni K1\/4p\/4g\(c\) Firmware by Hikvision

Ds 7604ni Q1\(c\) Firmware by Hikvision

Ds 7604ni Q1\/4p\(c\) Firmware by Hikvision

Ds 7608ni K1\/8p\(c\) Firmware by Hikvision

Ds 7608ni K1\/8p\/4g\(c\) Firmware by Hikvision

Ds 7608ni Q1\(c\) Firmware by Hikvision

Ds 7608ni Q1\/8p\(c\) Firmware by Hikvision

Ds 7608ni Q2\(c\) Firmware by Hikvision

Ds 7608ni Q2\/8p\(c\) Firmware by Hikvision

Ds 7616ni K1\(c\) Firmware by Hikvision

Ds 7616ni Q1\(c\) Firmware by Hikvision

Ds 7616ni Q2\(c\) Firmware by Hikvision

Ds 7616ni Q2\/16p\(c\) Firmware by Hikvision

Dvr Firmware by Hikvision

Nvr 104mh C\(c\) Firmware by Hikvision

Nvr 104mh C\(d\) Firmware by Hikvision

Nvr 104mh C\/4p\(d\) Firmware by Hikvision

Nvr 104mh D\(c\) Firmware by Hikvision

Nvr 104mh D\(d\) Firmware by Hikvision

Nvr 104mh D\/4p\(c\) Firmware by Hikvision

Nvr 108h D\(c\) Firmware by Hikvision

Nvr 108h D\/8p\(c\) Firmware by Hikvision

Nvr 108h D\/8p\(d\) Firmware by Hikvision

Nvr 108mh C\(c\) Firmware by Hikvision

Nvr 108mh C\(d\) Firmware by Hikvision

Nvr 108mh C\/8p\(c\) Firmware by Hikvision

Nvr 108mh D\(c\) Firmware by Hikvision

Nvr 108mh D\(d\) Firmware by Hikvision

Nvr 108mh D\/8p\(c\) Firmware by Hikvision

Nvr 116mh C\(c\) Firmware by Hikvision

Nvr 116mh C\(d\) Firmware by Hikvision

Nvr 208mh C\(c\) Firmware by Hikvision

Nvr 208mh C\/8p\(d\) Firmware by Hikvision

Nvr 216mh C\(d\) Firmware by Hikvision

Nvr 216mh C\/16p\(d\) Firmware by Hikvision