Introduction
Active exploitation of Hikvision iSecure Center has resulted in unauthorized file uploads and potential remote code execution across critical deployments in 2024 and 2025. Attackers are leveraging a directory traversal flaw to bypass upload restrictions, directly impacting organizations relying on this platform for physical security management.
About Hikvision iSecure Center: Hikvision is one of the largest global manufacturers of video surveillance and security management systems, with millions of devices deployed worldwide. The iSecure Center platform is a comprehensive security management solution, primarily used in China's domestic market, integrating video surveillance, access control, and alarm management for government and enterprise environments.
Technical Information
CVE-2023-53691 is a directory traversal file upload vulnerability in Hikvision CSMP iSecure Center through 2023-06-25. The flaw resides in the /center/api/files endpoint, which is responsible for handling file uploads. Due to insufficient validation of user-supplied file paths, attackers can craft upload requests containing directory traversal sequences (such as ../). This allows files to be written outside the intended upload directory, potentially to locations that are web accessible or executable by the server.
The vulnerability is classified as CWE-24 (Path Traversal), which occurs when user input is used to construct file paths without proper sanitization, enabling attackers to escape restricted directories. Exploitation enables attackers to upload arbitrary files, such as web shells, to sensitive locations, leading to remote code execution under the privileges of the web server process.
No public code snippets or proof of concept have been published in official advisories or research at this time.
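To make the CWE-24 weakness described above concrete from the defender's side, the following added example (not Hikvision code, and not derived from the advisory) contrasts an unchecked path join with a root-confined one for an upload handler; the upload directory and the sample file names are hypothetical.

```python
# Added example (not Hikvision code): an unchecked join versus a root-confined
# one for a file upload endpoint. UPLOAD_ROOT and all names are hypothetical.
import posixpath

UPLOAD_ROOT = "/srv/isecure/uploads"  # hypothetical upload directory
_ROOT_PREFIX = UPLOAD_ROOT.rstrip("/") + "/"


class UnsafePathError(ValueError):
    """Raised when a client-supplied name would escape UPLOAD_ROOT."""


def unchecked_target(client_name: str) -> str:
    """The weak pattern CWE-24 describes: the client-supplied name is joined
    to the upload root as-is, so '../' segments and absolute paths are honoured
    (posixpath.join discards the root entirely when the name is absolute)."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, client_name))


def confined_target(client_name: str) -> str:
    """Hardened version: reject NUL bytes and absolute paths, normalise, and
    require the result to stay strictly inside UPLOAD_ROOT. Run this on the
    fully URL-decoded name, never on the raw request string."""
    if not client_name or "\x00" in client_name:
        raise UnsafePathError("empty name or NUL byte")
    # Treat backslashes as separators too; on a POSIX host normpath would
    # otherwise keep '..\\' as a literal segment and the check would pass it.
    name = client_name.replace("\\", "/")
    if posixpath.isabs(name):
        raise UnsafePathError("absolute path supplied")
    candidate = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    if not candidate.startswith(_ROOT_PREFIX):
        raise UnsafePathError(f"traversal outside upload root: {client_name!r}")
    return candidate


def escapes_root(client_name: str) -> bool:
    """True when the unchecked join would land outside UPLOAD_ROOT. Useful when
    reviewing upload request logs for names that should have been refused."""
    return not unchecked_target(client_name).startswith(_ROOT_PREFIX)


def rejects(client_name: str) -> bool:
    """True when the hardened check refuses the name."""
    try:
        confined_target(client_name)
    except UnsafePathError:
        return True
    return False
```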
Affected Systems and Versions
- Hikvision CSMP iSecure Center through 2023-06-25
- All deployments running versions released before or on 2023-06-25 are affected
- The vulnerability specifically impacts the /center/api/files endpoint
Vendor Security History
Hikvision has a documented history of critical vulnerabilities in its security management platforms and surveillance devices. Notable related issues include:
- CVE-2023-28814: Improper file upload control in iSecure Center
- CVE-2023-28815: Command injection in iSecure Center
- CVE-2017-7921: Authentication bypass in Hikvision cameras and DVRs, still exploited years after disclosure
Patch response has varied, with some vulnerabilities remaining unpatched for extended periods or only partially addressed. The iSecure Center is primarily released for China's domestic market, which can complicate international support and patch availability.