Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Hikvision iSecure Center Comprehensive Security Management Platform File Upload Vulnerability
Vulnerability
A file upload vulnerability has been identified in Hikvision's iSecure Center Comprehensive Security Management Platform, affecting versions prior to 2023-06-25. The flaw allows arbitrary file upload through directory traversal in the '/center/api/files' endpoint. It has been reported as actively exploited in the wild in 2024 and 2025.
Impact
Exploitation of this vulnerability allows for arbitrary file upload, which could lead to further attacks such as remote code execution, depending on the uploaded file and the application's handling of it.
Reproduction
The vulnerability can be reproduced by sending a POST request to the '/center/api/files' endpoint with a crafted 'file' parameter that includes a directory traversal sequence. This request should be sent as multipart/form-data, with the 'filename' set to a path that traverses directories to reach a writable location on the server, such as the Tomcat webapps directory. Once the file is uploaded, it can be accessed through the 'clusterMgr' endpoint.
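As an added defender-side example (not code from the advisory or from Hikvision), the following Python flags multipart uploads to the '/center/api/files' endpoint whose 'filename' would resolve outside the upload directory, handling percent-encoded and backslash variants, and shows the basename-only hardening a fix would apply; the sample request body and the '/uploads' base directory are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample (not a real capture): one multipart part whose filename
# carries a traversal sequence, as the advisory describes.
SAMPLE_BOUNDARY = "----boundary1234"
SAMPLE_BODY = (
    "--%s\r\n" % SAMPLE_BOUNDARY
    + 'Content-Disposition: form-data; name="file"; filename="../../escape.txt"\r\n'
    + "Content-Type: text/plain\r\n\r\n"
    + "hello\r\n"
    + "--%s--\r\n" % SAMPLE_BOUNDARY
)

FILENAME_RE = re.compile(r'filename\*?=(?:"([^"]*)"|([^;\r\n]*))', re.IGNORECASE)


def extract_filenames(body):
    """Return every filename= value found in Content-Disposition headers."""
    names = []
    for line in body.splitlines():
        if line.lower().startswith("content-disposition:"):
            for m in FILENAME_RE.finditer(line):
                names.append(m.group(1) or m.group(2))
    return names


def escapes_upload_dir(filename, base="/uploads"):
    """True when the decoded, slash-normalised filename resolves outside base.
    Double-decoding catches %252e-style encodings; backslashes are treated as
    separators because Windows hosts accept them."""
    name = unquote(unquote(filename)).replace("\\", "/")
    target = posixpath.normpath(posixpath.join(base, name))
    return not target.startswith(base.rstrip("/") + "/")


def flag_request(path, body):
    """Detection: offending filenames in an upload to the affected endpoint."""
    if not path.startswith("/center/api/files"):
        return []
    return [n for n in extract_filenames(body) if escapes_upload_dir(n)]


def safe_upload_path(base, filename):
    """Hardened form: keep only the last path component, then re-check that
    the result still lies inside base (rejects '..', empty and absolute names)."""
    name = posixpath.basename(unquote(unquote(filename)).replace("\\", "/"))
    if not name or escapes_upload_dir(name, base):
        raise ValueError("rejected filename: %r" % filename)
    return posixpath.normpath(posixpath.join(base, name))
```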
Remediation
Users are advised to contact Hikvision for a solution.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
