CVE-2024-47485

There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:hikvision:hikcentral_master:*:*:*:*:lite:*:*:*

History

22 Oct 2024, 16:23

Type Values Removed Values Added
CPE cpe:2.3:a:hikvision:hikcentral_master:*:*:*:*:lite:*:*:*
First Time Hikvision
Hikvision hikcentral Master
CWE CWE-1236
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References () https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-product-series/ - () https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-product-series/ - Vendor Advisory

18 Oct 2024, 12:52

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de inyección de CSV en algunas versiones de HikCentral Master Lite. Si se aprovecha, un atacante podría crear datos maliciosos para generar comandos ejecutables en el archivo CSV.

18 Oct 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-18 09:15

Updated : 2024-10-22 16:23


NVD link : CVE-2024-47485

Mitre link : CVE-2024-47485

CVE.ORG link : CVE-2024-47485


JSON object : View

Products Affected

hikvision

  • hikcentral_master
CWE
CWE-1236

Improper Neutralization of Formula Elements in a CSV File