|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-10-29 | |
| Rule Name: | HIKVISION iSecure Center uploadAllPackage Interface Arbitrary File Upload Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The HIKVISION iSecure Center platform is an intelligent platform that centrally manages access video surveillance for unified deployment and scheduling. HIKVISION iSecure Center platform /center_install/picUploadService/v1/uploadAllPackage/image interface has any file upload loopholes, allow the attacker to upload malicious files to the server, Can result in remote code execution, website tampering, or other forms of attack, seriously threatening system and data security. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |