CVE-2023-28814
Published: 17 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2023-28814 is an improper file upload control vulnerability (CWE-434) present in some versions of Hikvision's iSecure Center product. This software is released exclusively for China's domestic market, with no overseas release. The issue stems from inadequate verification of files being uploaded, enabling attackers to upload malicious files to the server. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Successful exploitation allows attackers to upload malicious files to the server, potentially resulting in high impacts to confidentiality, integrity, and availability.
Hikvision has issued a security notice on this vulnerability, available at https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-03/.
Details
- CWE(s): CWE-434
- MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application)
Why these techniques?
The vulnerability allows unauthenticated remote attackers to exploit a public-facing application via improper file upload control, directly mapping to T1190: Exploit Public-Facing Application.