Search
Find a vulnerability
Search criteria
6 vulnerabilities found for ds-k1t671_firmware by hikvision
CVE-2025-66176 (GCVE-0-2025-66176)
Vulnerability from nvd – Published: 2026-01-13 01:47 – Updated: 2026-03-18 15:28
VLAI
Summary
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-K1T331 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T341A/K1T341B |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T671/K5671 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T672 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T680 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T981 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T341C |
Affected:
Versions below V3.3.180
|
|
| Hikvision | DS-K1T670/K1T673 |
Affected:
Versions below V4.48.0
|
|
| Hikvision | DS-K1T8003 |
Affected:
Versions below V1.4.21
|
|
| Hikvision | DS-K1T804A |
Affected:
Versions below V1.4.22
|
|
| Hikvision | DS-K1T8003/8004 |
Affected:
Versions below V1.4.21
|
|
| Hikvision | DS-K1T804B |
Affected:
Versions below V1.4.23
|
|
| Hikvision | DS-K1T201A/K1T105A |
Affected:
Versions below V1.3.65
|
|
| Hikvision | DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43 |
Affected:
Versions below V4.48.0
|
|
| Hikvision | DS-K1T8005/DS-K1T808 |
Affected:
Versions below V3.25.40
|
|
| Hikvision | DS-K1T320/DS-K1T321 |
Affected:
Versions below V3.9.40
|
|
| Hikvision | DS-K1T323/DS-K1T510 |
Affected:
Versions below V4.23.41
|
|
| Hikvision | DS-K5033 |
Affected:
Versions below V4.37.40
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T14:32:35.447766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:28:04.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-18T15:28:09.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T331",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T341A/K1T341B",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T671/K5671",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T672",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T680",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T981",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.3.180"
}
]
},
{
"product": "DS-K1T670/K1T673",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.48.0"
}
]
},
{
"product": "DS-K1T8003",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.21"
}
]
},
{
"product": "DS-K1T804A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.22"
}
]
},
{
"product": "DS-K1T8003/8004",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.21"
}
]
},
{
"product": "DS-K1T804A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.22"
}
]
},
{
"product": "DS-K1T804B",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.23"
}
]
},
{
"product": "DS-K1T201A/K1T105A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.3.65"
}
]
},
{
"product": "DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.48.0"
}
]
},
{
"product": "DS-K1T8005/DS-K1T808",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.25.40"
}
]
},
{
"product": "DS-K1T320/DS-K1T321",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.9.40"
}
]
},
{
"product": "DS-K1T323/DS-K1T510",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.23.41"
}
]
},
{
"product": "DS-K5033",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.37.40"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matt Wiseman of Cisco Talos"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T01:56:32.572Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66176",
"datePublished": "2026-01-13T01:47:27.191Z",
"dateReserved": "2025-11-24T08:59:35.903Z",
"dateUpdated": "2026-03-18T15:28:09.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28810 (GCVE-0-2023-28810)
Vulnerability from nvd – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
VLAI
Summary
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| hikvision | DS-K1T804AXX |
Affected:
V1.4.0_build221212 , < V1.4.0_build221212
(custom)
|
|
| hikvision | DS-K1T341AXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T671XXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T343XXX |
Affected:
V3.14.0_build230117 , < V3.14.0_build230117
(custom)
|
|
| hikvision | DS-K1T341C |
Affected:
V3.3.8_build230112 , < V3.3.8_build230112
(custom)
|
|
| hikvision | DS-K1T320XXX |
Affected:
V3.5.0_build220706 , < V3.5.0_build220706
(custom)
|
|
| hikvision | DS-KH63 Series,DS-KH85 Series |
Affected:
V2.2.8_build230219 , < V2.2.8_build230219
(custom)
|
|
| hikvision | DS-KH9310-WTE1(B),DS-KH9510-WTE1(B) |
Affected:
V2.1.76_build230204 , < V2.1.76_build230204
(custom)
|
Date Public
2023-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T21:10:21.294163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T21:10:28.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T804AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V1.4.0_build221212",
"status": "affected",
"version": "V1.4.0_build221212",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T671XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T343XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.14.0_build230117",
"status": "affected",
"version": "V3.14.0_build230117",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.3.8_build230112",
"status": "affected",
"version": "V3.3.8_build230112",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T320XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.5.0_build220706",
"status": "affected",
"version": "V3.5.0_build220706",
"versionType": "custom"
}
]
},
{
"product": "DS-KH63 Series,DS-KH85 Series",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.2.8_build230219",
"status": "affected",
"version": "V2.2.8_build230219",
"versionType": "custom"
}
]
},
{
"product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.1.76_build230204",
"status": "affected",
"version": "V2.1.76_build230204",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter Szot"
}
],
"datePublic": "2023-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00.000Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/en/support/download/firmware/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28810",
"datePublished": "2023-06-15T00:00:00.000Z",
"dateReserved": "2023-03-23T00:00:00.000Z",
"dateUpdated": "2024-12-12T21:10:28.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28809 (GCVE-0-2023-28809)
Vulnerability from nvd – Published: 2023-06-15 00:00 – Updated: 2024-12-18 16:24
VLAI
Summary
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| hikvision | DS-K1T804AXX |
Affected:
V1.4.0_build221212 , < V1.4.0_build221212
(custom)
|
|
| hikvision | DS-K1T341AXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T671XXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T343XXX |
Affected:
V3.14.0_build230117 , < V3.14.0_build230117
(custom)
|
|
| hikvision | DS-K1T341C |
Affected:
V3.3.8_build230112 , < V3.3.8_build230112
(custom)
|
|
| hikvision | DS-K1T320XXX |
Affected:
V3.5.0_build220706 , < V3.5.0_build220706
(custom)
|
Date Public
2023-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T16:22:10.570445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T16:24:05.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T804AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V1.4.0_build221212",
"status": "affected",
"version": "V1.4.0_build221212",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T671XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T343XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.14.0_build230117",
"status": "affected",
"version": "V3.14.0_build230117",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.3.8_build230112",
"status": "affected",
"version": "V3.3.8_build230112",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T320XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.5.0_build220706",
"status": "affected",
"version": "V3.5.0_build220706",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andres Hinnosaar"
}
],
"datePublic": "2023-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:06:26.704Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
},
{
"url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/en/support/download/firmware/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28809",
"datePublished": "2023-06-15T00:00:00.000Z",
"dateReserved": "2023-03-23T00:00:00.000Z",
"dateUpdated": "2024-12-18T16:24:05.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66176 (GCVE-0-2025-66176)
Vulnerability from cvelistv5 – Published: 2026-01-13 01:47 – Updated: 2026-03-18 15:28
VLAI
Summary
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-K1T331 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T341A/K1T341B |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T671/K5671 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T672 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T680 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T981 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T341C |
Affected:
Versions below V3.3.180
|
|
| Hikvision | DS-K1T670/K1T673 |
Affected:
Versions below V4.48.0
|
|
| Hikvision | DS-K1T8003 |
Affected:
Versions below V1.4.21
|
|
| Hikvision | DS-K1T804A |
Affected:
Versions below V1.4.22
|
|
| Hikvision | DS-K1T8003/8004 |
Affected:
Versions below V1.4.21
|
|
| Hikvision | DS-K1T804B |
Affected:
Versions below V1.4.23
|
|
| Hikvision | DS-K1T201A/K1T105A |
Affected:
Versions below V1.3.65
|
|
| Hikvision | DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43 |
Affected:
Versions below V4.48.0
|
|
| Hikvision | DS-K1T8005/DS-K1T808 |
Affected:
Versions below V3.25.40
|
|
| Hikvision | DS-K1T320/DS-K1T321 |
Affected:
Versions below V3.9.40
|
|
| Hikvision | DS-K1T323/DS-K1T510 |
Affected:
Versions below V4.23.41
|
|
| Hikvision | DS-K5033 |
Affected:
Versions below V4.37.40
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T14:32:35.447766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:28:04.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-18T15:28:09.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T331",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T341A/K1T341B",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T671/K5671",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T672",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T680",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T981",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.3.180"
}
]
},
{
"product": "DS-K1T670/K1T673",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.48.0"
}
]
},
{
"product": "DS-K1T8003",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.21"
}
]
},
{
"product": "DS-K1T804A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.22"
}
]
},
{
"product": "DS-K1T8003/8004",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.21"
}
]
},
{
"product": "DS-K1T804A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.22"
}
]
},
{
"product": "DS-K1T804B",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.23"
}
]
},
{
"product": "DS-K1T201A/K1T105A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.3.65"
}
]
},
{
"product": "DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.48.0"
}
]
},
{
"product": "DS-K1T8005/DS-K1T808",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.25.40"
}
]
},
{
"product": "DS-K1T320/DS-K1T321",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.9.40"
}
]
},
{
"product": "DS-K1T323/DS-K1T510",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.23.41"
}
]
},
{
"product": "DS-K5033",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.37.40"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matt Wiseman of Cisco Talos"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T01:56:32.572Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66176",
"datePublished": "2026-01-13T01:47:27.191Z",
"dateReserved": "2025-11-24T08:59:35.903Z",
"dateUpdated": "2026-03-18T15:28:09.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28809 (GCVE-0-2023-28809)
Vulnerability from cvelistv5 – Published: 2023-06-15 00:00 – Updated: 2024-12-18 16:24
VLAI
Summary
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| hikvision | DS-K1T804AXX |
Affected:
V1.4.0_build221212 , < V1.4.0_build221212
(custom)
|
|
| hikvision | DS-K1T341AXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T671XXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T343XXX |
Affected:
V3.14.0_build230117 , < V3.14.0_build230117
(custom)
|
|
| hikvision | DS-K1T341C |
Affected:
V3.3.8_build230112 , < V3.3.8_build230112
(custom)
|
|
| hikvision | DS-K1T320XXX |
Affected:
V3.5.0_build220706 , < V3.5.0_build220706
(custom)
|
Date Public
2023-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T16:22:10.570445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T16:24:05.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T804AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V1.4.0_build221212",
"status": "affected",
"version": "V1.4.0_build221212",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T671XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T343XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.14.0_build230117",
"status": "affected",
"version": "V3.14.0_build230117",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.3.8_build230112",
"status": "affected",
"version": "V3.3.8_build230112",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T320XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.5.0_build220706",
"status": "affected",
"version": "V3.5.0_build220706",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andres Hinnosaar"
}
],
"datePublic": "2023-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T16:06:26.704Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
},
{
"url": "http://packetstormsecurity.com/files/174506/Hikvision-Access-Control-Session-Hijacking.html"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/en/support/download/firmware/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28809",
"datePublished": "2023-06-15T00:00:00.000Z",
"dateReserved": "2023-03-23T00:00:00.000Z",
"dateUpdated": "2024-12-18T16:24:05.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28810 (GCVE-0-2023-28810)
Vulnerability from cvelistv5 – Published: 2023-06-15 00:00 – Updated: 2024-12-12 21:10
VLAI
Summary
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| hikvision | DS-K1T804AXX |
Affected:
V1.4.0_build221212 , < V1.4.0_build221212
(custom)
|
|
| hikvision | DS-K1T341AXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T671XXX |
Affected:
V3.2.30_build221223 , < V3.2.30_build221223
(custom)
|
|
| hikvision | DS-K1T343XXX |
Affected:
V3.14.0_build230117 , < V3.14.0_build230117
(custom)
|
|
| hikvision | DS-K1T341C |
Affected:
V3.3.8_build230112 , < V3.3.8_build230112
(custom)
|
|
| hikvision | DS-K1T320XXX |
Affected:
V3.5.0_build220706 , < V3.5.0_build220706
(custom)
|
|
| hikvision | DS-KH63 Series,DS-KH85 Series |
Affected:
V2.2.8_build230219 , < V2.2.8_build230219
(custom)
|
|
| hikvision | DS-KH9310-WTE1(B),DS-KH9510-WTE1(B) |
Affected:
V2.1.76_build230204 , < V2.1.76_build230204
(custom)
|
Date Public
2023-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T21:10:21.294163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T21:10:28.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T804AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V1.4.0_build221212",
"status": "affected",
"version": "V1.4.0_build221212",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341AXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T671XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.2.30_build221223",
"status": "affected",
"version": "V3.2.30_build221223",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T343XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.14.0_build230117",
"status": "affected",
"version": "V3.14.0_build230117",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.3.8_build230112",
"status": "affected",
"version": "V3.3.8_build230112",
"versionType": "custom"
}
]
},
{
"product": "DS-K1T320XXX",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V3.5.0_build220706",
"status": "affected",
"version": "V3.5.0_build220706",
"versionType": "custom"
}
]
},
{
"product": "DS-KH63 Series,DS-KH85 Series",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.2.8_build230219",
"status": "affected",
"version": "V2.2.8_build230219",
"versionType": "custom"
}
]
},
{
"product": "DS-KH9310-WTE1(B),DS-KH9510-WTE1(B)",
"vendor": "hikvision",
"versions": [
{
"lessThan": "V2.1.76_build230204",
"status": "affected",
"version": "V2.1.76_build230204",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter Szot"
}
],
"datePublic": "2023-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00.000Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-access-control-intercom/"
}
],
"solutions": [
{
"lang": "en",
"value": "https://www.hikvision.com/en/support/download/firmware/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28810",
"datePublished": "2023-06-15T00:00:00.000Z",
"dateReserved": "2023-03-23T00:00:00.000Z",
"dateUpdated": "2024-12-12T21:10:28.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}