CVE-2023-3836

Dahua Smart Park Management unrestricted upload

Basic Information

CVE State: PUBLISHED
Reserved Date: July 21, 2023
Published Date: July 22, 2023
Last Updated: August 02, 2024
Vendor: Dahua
Product: Smart Park Management
Description: A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. In Dahua Smart Park Management bis 20230713 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /emap/devicePoint_addImgIco?hasSubsystem=true. Durch Manipulation des Arguments upload mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
Tags

6.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 - MEDIUM

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Source	Added Date
The Shadowserver (via CIRCL)	2025-07-08 12:02:20 UTC

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-3836.yaml	2025-04-26 00:00:00 UTC

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

Type: github • Created: 2023-08-30 12:11:42 UTC • Stars: 0

大华智慧园区综合管理平台publishing文件上传