Loading
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
Use CWE-284, Hikvision vendor hub and Ds-K1t320efwx Firmware product page to widen CVE-2023-28809 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2023-28810 for nearby disclosures in the same product family.