CVE-2023-28810 in DS-KH63

Summary

by MITRE • 06/16/2023

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.


Analysis

by VulDB Data Team • 12/07/2025

This vulnerability affects access control and intercom devices whose network configuration can be modified, without authorization, by crafted packets received from the same local network segment. The weakness lies in how the devices process incoming configuration data: a configuration-change request arriving from an adjacent host is acted on without the device establishing that the sender is entitled to make it. Because the network settings of an access-control device decide which hosts it talks to and trusts, an attacker who controls those settings gains a foothold against the physical-security systems behind the device. Note that the summary above establishes only the configuration change itself; the downstream effects discussed below follow from that primitive rather than from anything additional stated in the advisory.

Technically, the flaw stems from insufficient input validation and missing authentication on the device's network configuration interface. When a device receives network configuration data, it does not verify the authenticity or integrity of the packet before applying it, so a host on the same subnet can inject parameters such as the IP address, default gateway, DNS servers or service ports. This maps to CWE-284 Improper Access Control. The vulnerability is particularly dangerous because it requires no prior authentication: anyone with network access to the same subnet, whether through a compromised workstation, a rogue device plugged into the same segment, or a flat network that puts intercoms alongside user endpoints, is in a position to exploit it. The same-subnet requirement is the only real constraint, and it is one that many deployments do not meet.
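The pattern described above, as an added illustrative example that is not the page's own code and not the DS-KH63 protocol (which this page does not document): a hypothetical LAN configuration handler that applies whatever a correctly framed packet says, beside a hardened version that requires an HMAC over the settings, rejects replayed counters, and validates the address fields before touching state. The frame layout, the `MAGIC` constant, the field names and the per-device key are all assumptions made for the example.

```python
"""Added illustrative example: an unauthenticated LAN configuration handler
beside a hardened one. The framing, field names and the MAGIC constant are
assumptions for illustration; the real DS-KH63 protocol is not described
on this page."""
import hashlib
import hmac
import ipaddress
import json
import struct

MAGIC = b"CFG1"                          # assumed framing constant
ALLOWED_KEYS = {"ip", "gateway", "dns"}  # assumed settable fields


def build_frame(body: dict) -> bytes:
    """Assumed frame: 4-byte magic, 4-byte big-endian length, JSON body."""
    raw = json.dumps(body, sort_keys=True).encode("utf-8")
    return MAGIC + struct.pack(">I", len(raw)) + raw


def parse_frame(packet: bytes) -> dict:
    """Inverse of build_frame; raises ValueError on malformed input."""
    if len(packet) < 8 or packet[:4] != MAGIC:
        raise ValueError("bad magic")
    (length,) = struct.unpack(">I", packet[4:8])
    body = packet[8:8 + length]
    if len(body) != length:
        raise ValueError("truncated body")
    cfg = json.loads(body.decode("utf-8"))
    if not isinstance(cfg, dict):
        raise ValueError("body is not an object")
    return cfg


def _valid_address(value) -> bool:
    """Input validation the vulnerable handler skips: accept only IP literals."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def apply_config_insecure(packet: bytes, state: dict) -> bool:
    """Vulnerable pattern (CWE-284): any host that can frame a packet gets its
    settings applied. No sender authentication, no integrity check."""
    try:
        cfg = parse_frame(packet)
    except ValueError:
        return False
    for key in ALLOWED_KEYS & cfg.keys():
        state[key] = cfg[key]
    return True


def build_signed_config(body: dict, counter: int, key: bytes) -> bytes:
    """Sender side for the hardened handler: bind a monotonic counter to the
    settings and authenticate the whole payload with HMAC-SHA256."""
    payload = dict(body, counter=counter)
    signed = json.dumps(payload, sort_keys=True).encode("utf-8")
    payload["mac"] = hmac.new(key, signed, hashlib.sha256).hexdigest()
    return build_frame(payload)


def apply_config_secure(packet: bytes, state: dict, key: bytes) -> bool:
    """Hardened pattern: verify authenticity, freshness and field validity
    before any state is touched; reject on the first failed check."""
    try:
        cfg = parse_frame(packet)
    except ValueError:
        return False
    tag = cfg.pop("mac", None)
    counter = cfg.get("counter")
    if not isinstance(tag, str) or not isinstance(counter, int):
        return False
    signed = json.dumps(cfg, sort_keys=True).encode("utf-8")
    expected = hmac.new(key, signed, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False                              # forged or tampered
    if counter <= state.get("counter", -1):
        return False                              # replayed or stale
    new_values = {k: cfg[k] for k in ALLOWED_KEYS & cfg.keys()}
    if not all(_valid_address(v) for v in new_values.values()):
        return False                              # malformed setting
    state["counter"] = counter
    state.update(new_values)
    return True
```

The insecure handler is the shape of the weakness: framing is the only "check", so adjacency equals authority. The hardened handler changes three things at once, which is the point: a shared secret (or, better, a per-device key provisioned at install time) proves the sender, the counter stops a captured legitimate update from being replayed, and address validation keeps a garbage value out of the network stack even when the sender is genuine.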

The operational impact goes beyond a changed address. An attacker who controls the device's gateway and DNS settings can route its traffic through a host they control for man-in-the-middle interception of intercom and access-control sessions, cut the device off from its management or recording infrastructure, or move it into a different subnet to bypass segmentation that was meant to isolate it. Because the change is written to the device's persistent configuration, it survives a reboot until an administrator notices and corrects it. In ATT&CK terms the local-network discovery that precedes exploitation corresponds to T1046 Network Service Discovery; the configuration change itself is the primitive from which lateral movement into the building or security network proceeds. In enterprise environments where access control systems are part of physical security, this turns a LAN-adjacent attacker into one positioned to influence who gets through a door.

Mitigation should start with the constraint the attack depends on: adjacency. Place intercoms and access-control devices on their own VLAN behind a firewall or access control lists that permit traffic only from the management hosts and servers they need, so that a compromised workstation or a rogue device on the user LAN is never on the same segment. Apply vendor firmware that addresses the underlying configuration-protocol weakness as a priority, and where the device supports it, require authentication for all configuration changes and use TLS for management traffic. Monitor the segment for configuration changes that did not originate from the management system: a device's MAC address appearing at a new IP, its expected IP being answered by a different MAC, unexpected DHCP or ARP activity, or configuration traffic from unapproved sources are all signals worth alerting on, and they should feed the same intrusion detection and alerting pipeline as the rest of the network. Periodic audits of the segment for unknown devices close the remaining gap, since an unauthorized device that reaches the intercom VLAN is the precondition for this attack.
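One concrete form of the monitoring suggested above, added here as an example rather than taken from the page or from any vendor tooling: compare the segment's neighbour table against an inventory of the access-control devices that should be on it, and alert when a known device's MAC shows up at a different IP (the configuration was changed) or when its expected IP is now answered by a different MAC (something else has taken its place). The inventory, the locally administered MAC addresses and the `ip neigh`-style lines are constructed sample data.

```python
"""Added illustrative example: detect an access-control device that has moved
to a new IP address, or whose address is now answered by a different MAC, from
the local neighbour table. The inventory and neighbour lines are constructed
sample data, not captures from a real deployment."""
import re

# Constructed inventory: MAC address -> expected IP of each intercom/controller.
INVENTORY = {
    "02:00:5e:10:00:01": "192.168.10.21",
    "02:00:5e:10:00:02": "192.168.10.22",
}

# Constructed lines in the format printed by `ip neigh show`.
SAMPLE_NEIGH = [
    "192.168.10.21 dev eth0 lladdr 02:00:5e:10:00:01 REACHABLE",
    "192.168.10.99 dev eth0 lladdr 02:00:5e:10:00:02 STALE",      # device 02 moved
    "192.168.10.22 dev eth0 lladdr 02:00:5e:ff:ff:ff REACHABLE",  # stranger at its old IP
    "192.168.10.1 dev eth0 lladdr 02:00:5e:00:00:01 REACHABLE",   # gateway, not inventoried
    "192.168.10.77 dev eth0  FAILED",                             # unresolved, no lladdr
]

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?P<rest>.*)$",
    re.IGNORECASE,
)


def parse_neigh(lines):
    """Return {mac: ip} for resolved entries. FAILED/INCOMPLETE entries carry
    no lladdr field and therefore never match."""
    seen = {}
    for line in lines:
        m = NEIGH_RE.match(line.strip())
        if m:
            seen[m.group("mac").lower()] = m.group("ip")
    return seen


def check_inventory(inventory, seen):
    """Two checks per inventoried device: did its MAC move, and is its
    expected IP now owned by someone else."""
    alerts = []
    ip_to_mac = {ip: mac for mac, ip in seen.items()}
    for mac, expected_ip in inventory.items():
        actual_ip = seen.get(mac)
        if actual_ip is not None and actual_ip != expected_ip:
            alerts.append(
                f"{mac} moved {expected_ip} -> {actual_ip}: "
                "possible unauthorized network reconfiguration")
        other = ip_to_mac.get(expected_ip)
        if other is not None and other != mac:
            alerts.append(
                f"{expected_ip} now answered by {other}, expected {mac}: "
                "possible spoofing or address takeover")
    return alerts


def run_check():
    """Run the check over the constructed sample and return the alert list."""
    return check_inventory(INVENTORY, parse_neigh(SAMPLE_NEIGH))


if __name__ == "__main__":
    for alert in run_check():
        print("ALERT", alert)
```

In production the lines would come from a probe on the intercom VLAN (or from the switch's MAC/ARP tables via SNMP) rather than a list, and the inventory from the access-control management system. A device that is simply absent is deliberately not alerted here, because unplugged or sleeping devices are common; the two conditions that are alerted both indicate that the device's network identity changed underneath the management system, which is exactly what this vulnerability produces.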
