Search
Find a vulnerability
Search criteria
85 vulnerabilities by hikvision
CVE-2026-32684 (GCVE-0-2026-32684)
Vulnerability from nvd – Published: 2026-05-12 10:51 – Updated: 2026-06-02 16:04
VLAI
Summary
The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | Hik-Connect APP |
Affected:
V6.10.x
Unaffected: V6.12.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T12:06:07.612844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T16:04:38.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hik-Connect APP",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V6.10.x"
},
{
"status": "unaffected",
"version": "V6.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yi\u011fithan Y\u00fcceda\u011f"
}
],
"descriptions": [
{
"lang": "en",
"value": "The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T10:51:08.585Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://pinfo.hikvision.com/hkwsen/unzip/20260511114030_14652_doc/GUID-A47A8570-631E-4F62-BCEE-37E9F2983DD7.html"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-32684",
"datePublished": "2026-05-12T10:51:08.585Z",
"dateReserved": "2026-03-13T07:45:08.745Z",
"dateUpdated": "2026-06-02T16:04:38.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3828 (GCVE-0-2026-3828)
Vulnerability from nvd – Published: 2026-05-09 08:27 – Updated: 2026-05-11 15:22
VLAI
Summary
Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-3E1310P-SI |
Affected:
Versions below V1.2.4_210623 (including V1.2.4_210623)
|
|
| Hikvision | DS-3E1318P-SI |
Affected:
Versions below V1.2.0_210823 (including V1.2.0_210823)
|
|
| Hikvision | DS-3E1326P-SI |
Affected:
Versions below V1.2.0_210823 (including V1.2.0_210823)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T15:22:31.962279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T15:22:55.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-3E1310P-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.2.4_210623 (including V1.2.4_210623)"
}
]
},
{
"product": "DS-3E1318P-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.2.0_210823 (including V1.2.0_210823)"
}
]
},
{
"product": "DS-3E1326P-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.2.0_210823 (including V1.2.0_210823)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thiago Torres (torresm)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-09T08:27:55.964Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-switch-product/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-3828",
"datePublished": "2026-05-09T08:27:55.964Z",
"dateReserved": "2026-03-09T09:20:38.428Z",
"dateUpdated": "2026-05-11T15:22:55.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1749 (GCVE-0-2026-1749)
Vulnerability from nvd – Published: 2026-05-09 08:27 – Updated: 2026-05-11 15:21
VLAI
Summary
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | HikCentral Professional |
Affected:
V2.4.0~V3.0.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T15:21:36.019611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T15:21:55.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HikCentral Professional",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V2.4.0~V3.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ayoub ELMOKHTAR from the Offensive Security Team (Noon)"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-09T08:27:15.849Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-hikcentral-professional/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-1749",
"datePublished": "2026-05-09T08:27:15.849Z",
"dateReserved": "2026-02-02T02:00:26.271Z",
"dateUpdated": "2026-05-11T15:21:55.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0709 (GCVE-0-2026-0709)
Vulnerability from nvd – Published: 2026-01-30 11:01 – Updated: 2026-02-27 14:49
VLAI
Summary
Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-3WAP521-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP522-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP621E-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP622E-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP623E-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP622G-SI |
Affected:
V1.1.6303 build250812 and earlier
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T12:13:24.741883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T14:49:22.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-3WAP521-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP522-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP621E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP622E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP623E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP622G-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "exzettabyte"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T11:01:55.633Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-wireless-access-point-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-0709",
"datePublished": "2026-01-30T11:01:55.633Z",
"dateReserved": "2026-01-08T05:49:12.677Z",
"dateUpdated": "2026-02-27T14:49:22.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66177 (GCVE-0-2025-66177)
Vulnerability from nvd – Published: 2026-01-13 01:47 – Updated: 2026-01-13 17:27
VLAI
Summary
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
99 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-96xxxNI-Hx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxxNI-Ix |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxNXI-Sx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxxNXI-Sx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Mx/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxNXI-Mx/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxNXI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxxNXI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-86xxxNXI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Ix/S |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-Ix/S |
Affected:
Build date before 250807
|
|
| Hikvision | DS-86xxNXI-Ix/S |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxNXI-Ix/S |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Ix/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-Ix/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Kx(/xP) including(D)、(E)、(B) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-Kx(/xP) including(D)、(E)、(B) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Kx(/xP)/Vpro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-Kx(/xP)/Vpro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNI-Qx(/xP) including(D)、(E) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-71xxNI-Q1(/xP)/M |
Affected:
Build date before 250807
|
|
| Hikvision | DS-71xxNI-Q1(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-710xNI-G1/(xP)/M |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNI-Q1(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNI-Q2(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-K1(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-K2(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-K4(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-86xxNXI-K8(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-K1(/xP)/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-K2(/xP)/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-K4(/xP)/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHGHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHGHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHQHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHQHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHQHI-Mx/XT |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-Mx/XT |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHTHI-Mx/XT |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-90xxHUHI-M8/S(S) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-73xxHUHI-M4/S(S) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-81xxHUHI-M8/S(S) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-71xxHGHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-72xxHGHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-ExxHGHI-xx |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHQHI-M1/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHQHI-M1/E |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHQHI-M1/T |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHQHI-M1/T |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-73xxHQHI-M4/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-81xxHQHI-M8/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-90xxHQHI-M8/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-ExxHQHI-xx |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHUHI-M1/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-M1/E |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-M1/T |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-Mx/PXT |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-73xxHUHI-M4/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-90xxHUHI-M8/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-ExxHUHI-xx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-A806xxSI |
Affected:
Build date before 250807
|
|
| Hikvision | DS-AT1000SI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxxNXI-Hx |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96064NXI-I16 |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxxNXI-Ix/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-76xxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-77xxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxxNXI-Hx/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxNXI-Mx/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-Mx/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxxNXI-Mx/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-S/T |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-6704NXI/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-P1 |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-7608NXI-P2 |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-77xxNXI-P4 |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxNXI-Px |
Affected:
Build date before 250807
|
|
| Hikvision | DS-2CD1xxxG2 |
Affected:
Versions below V5.7.13_230822 (including V5.7.13_230822)
|
|
| Hikvision | DS-2CD3xx1G2 |
Affected:
Versions below V5.7.13_230822 (including V5.7.13_230822)
|
|
| Hikvision | HWI-xxxxHA |
Affected:
Versions below V5.7.13_230822 (including V5.7.13_230822)
|
|
| Hikvision | IPC-xxxxHA |
Affected:
Versions below V5.7.13_230822 (including V5.7.13_230822)
|
|
| Hikvision | DS-2CD2Dx5G1 |
Affected:
Versions below V5.7.210_240826 (including V5.7.210_240826)
|
|
| Hikvision | DS-2CD64x5G1 |
Affected:
Versions below V5.7.210_240826 (including V5.7.210_240826)
|
|
| Hikvision | DS-2CD29xxG0 |
Affected:
Versions below V5.7.21_240814 (including V5.7.21_240814)
|
|
| Hikvision | DS-2XE6xxxG0 |
Affected:
Versions below V5.7.7build241203 (including V5.7.7build241203)
|
|
| Hikvision | DS-2XC6xxxG0 |
Affected:
Versions below V5.7.7build241203 (including V5.7.7build241203)
|
|
| Hikvision | DS-2CD1xxxG0(T) |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | DS-2CD1xx1 |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | DS-2CD3xx1G0 |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | DS-2CD2xx1G0 |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | IPC-xxxxH |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | HWI-xxxH(C) |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T14:26:06.385030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:27:13.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-96xxxNI-Hx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxxNI-Ix",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxNXI-Sx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxxNXI-Sx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Mx/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxNXI-Mx/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxNXI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxxNXI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-86xxxNXI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Ix/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-Ix/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-86xxNXI-Ix/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxNXI-Ix/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Ix/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-Ix/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Kx(/xP) including(D)\u3001(E)\u3001(B)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-Kx(/xP) including(D)\u3001(E)\u3001(B)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Kx(/xP)/Vpro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-Kx(/xP)/Vpro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNI-Qx(/xP) including(D)\u3001(E)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxNI-Q1(/xP)/M",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxNI-Q1(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-710xNI-G1/(xP)/M",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxNI-Q1(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxNI-Q1(/xP)/M",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNI-Q1(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNI-Q2(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-K1(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-K2(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-K4(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-86xxNXI-K8(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-K1(/xP)/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-K2(/xP)/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-K4(/xP)/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHGHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHGHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHQHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHTHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-90xxHUHI-M8/S(S)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-73xxHUHI-M4/S(S)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-81xxHUHI-M8/S(S)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxHGHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-72xxHGHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-ExxHGHI-xx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHQHI-M1/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-M1/E",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHQHI-M1/T",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-M1/T",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-73xxHQHI-M4/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-81xxHQHI-M8/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-90xxHQHI-M8/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-ExxHQHI-xx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHUHI-M1/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-M1/E",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-M1/T",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-Mx/PXT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-73xxHUHI-M4/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-90xxHUHI-M8/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-ExxHUHI-xx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHTHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-A806xxSI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-AT1000SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxxNXI-Hx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96064NXI-I16",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxxNXI-Ix/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-76xxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-77xxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxxNXI-Hx/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxNXI-Mx/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-Mx/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxxNXI-Mx/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-S/T",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-6704NXI/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-P1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-7608NXI-P2",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-77xxNXI-P4",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxNXI-Px",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-2CD1xxxG2",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.13_230822 (including V5.7.13_230822)"
}
]
},
{
"product": "DS-2CD3xx1G2",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.13_230822 (including V5.7.13_230822)"
}
]
},
{
"product": "HWI-xxxxHA",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.13_230822 (including V5.7.13_230822)"
}
]
},
{
"product": "IPC-xxxxHA",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.13_230822 (including V5.7.13_230822)"
}
]
},
{
"product": "DS-2CD2Dx5G1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.210_240826 (including V5.7.210_240826)"
}
]
},
{
"product": "DS-2CD64x5G1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.210_240826 (including V5.7.210_240826)"
}
]
},
{
"product": "DS-2CD29xxG0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.21_240814 (including V5.7.21_240814)"
}
]
},
{
"product": "DS-2XE6xxxG0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.7build241203 (including V5.7.7build241203)"
}
]
},
{
"product": "DS-2XC6xxxG0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.7build241203 (including V5.7.7build241203)"
}
]
},
{
"product": "DS-2CD1xxxG0(T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "DS-2CD1xx1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "DS-2CD3xx1G0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "DS-2CD2xx1G0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "IPC-xxxxH",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "HWI-xxxH(C)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angel Lozano Alcazar"
},
{
"lang": "en",
"type": "finder",
"value": "Pedro Guillen Nu\u00f1ez"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T01:47:54.031Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66177",
"datePublished": "2026-01-13T01:47:54.031Z",
"dateReserved": "2025-11-24T08:59:35.903Z",
"dateUpdated": "2026-01-13T17:27:13.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66176 (GCVE-0-2025-66176)
Vulnerability from nvd – Published: 2026-01-13 01:47 – Updated: 2026-03-18 15:28
VLAI
Summary
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-K1T331 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T341A/K1T341B |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T671/K5671 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T672 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T680 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T981 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T341C |
Affected:
Versions below V3.3.180
|
|
| Hikvision | DS-K1T670/K1T673 |
Affected:
Versions below V4.48.0
|
|
| Hikvision | DS-K1T8003 |
Affected:
Versions below V1.4.21
|
|
| Hikvision | DS-K1T804A |
Affected:
Versions below V1.4.22
|
|
| Hikvision | DS-K1T8003/8004 |
Affected:
Versions below V1.4.21
|
|
| Hikvision | DS-K1T804B |
Affected:
Versions below V1.4.23
|
|
| Hikvision | DS-K1T201A/K1T105A |
Affected:
Versions below V1.3.65
|
|
| Hikvision | DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43 |
Affected:
Versions below V4.48.0
|
|
| Hikvision | DS-K1T8005/DS-K1T808 |
Affected:
Versions below V3.25.40
|
|
| Hikvision | DS-K1T320/DS-K1T321 |
Affected:
Versions below V3.9.40
|
|
| Hikvision | DS-K1T323/DS-K1T510 |
Affected:
Versions below V4.23.41
|
|
| Hikvision | DS-K5033 |
Affected:
Versions below V4.37.40
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T14:32:35.447766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:28:04.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-18T15:28:09.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T331",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T341A/K1T341B",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T671/K5671",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T672",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T680",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T981",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.3.180"
}
]
},
{
"product": "DS-K1T670/K1T673",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.48.0"
}
]
},
{
"product": "DS-K1T8003",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.21"
}
]
},
{
"product": "DS-K1T804A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.22"
}
]
},
{
"product": "DS-K1T8003/8004",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.21"
}
]
},
{
"product": "DS-K1T804A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.22"
}
]
},
{
"product": "DS-K1T804B",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.23"
}
]
},
{
"product": "DS-K1T201A/K1T105A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.3.65"
}
]
},
{
"product": "DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.48.0"
}
]
},
{
"product": "DS-K1T8005/DS-K1T808",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.25.40"
}
]
},
{
"product": "DS-K1T320/DS-K1T321",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.9.40"
}
]
},
{
"product": "DS-K1T323/DS-K1T510",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.23.41"
}
]
},
{
"product": "DS-K5033",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.37.40"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matt Wiseman of Cisco Talos"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T01:56:32.572Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66176",
"datePublished": "2026-01-13T01:47:27.191Z",
"dateReserved": "2025-11-24T08:59:35.903Z",
"dateUpdated": "2026-03-18T15:28:09.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66174 (GCVE-0-2025-66174)
Vulnerability from nvd – Published: 2025-12-19 06:39 – Updated: 2025-12-19 15:41
VLAI
Summary
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-7104HGHI-F1 |
Affected:
Versions below V4.30.122_201107 (including V4.30.122_201107)
|
|
| Hikvision | DS-7204HGHI-F1 |
Affected:
Versions below V4.30.122_201107 (including V4.30.122_201107)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:41:12.037984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:41:32.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-7104HGHI-F1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
}
]
},
{
"product": "DS-7204HGHI-F1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aaron J Jose"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T06:45:55.453Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66174",
"datePublished": "2025-12-19T06:39:51.404Z",
"dateReserved": "2025-11-24T08:59:35.903Z",
"dateUpdated": "2025-12-19T15:41:32.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66173 (GCVE-0-2025-66173)
Vulnerability from nvd – Published: 2025-12-19 06:39 – Updated: 2025-12-19 15:40
VLAI
Summary
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-7104HGHI-F1 |
Affected:
Versions below V4.30.122_201107 (including V4.30.122_201107)
|
|
| Hikvision | DS-7204HGHI-F1 |
Affected:
Versions below V4.30.122_201107 (including V4.30.122_201107)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:40:25.549400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:40:52.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-7104HGHI-F1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
}
]
},
{
"product": "DS-7204HGHI-F1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aaron J Jose"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T06:45:40.814Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66173",
"datePublished": "2025-12-19T06:39:38.504Z",
"dateReserved": "2025-11-24T08:59:35.902Z",
"dateUpdated": "2025-12-19T15:40:52.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58274 (GCVE-0-2024-58274)
Vulnerability from nvd – Published: 2025-10-22 00:00 – Updated: 2025-10-22 13:55
VLAI
KEVIntel
Summary
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.
Severity
8.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | CSMP iSecure Center |
Affected:
0 , ≤ 2024-08-01
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T13:55:11.718588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:55:16.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://xz.aliyun.com/news/14639"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CSMP iSecure Center",
"vendor": "Hikvision",
"versions": [
{
"lessThanOrEqual": "2024-08-01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:45:04.855Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ahisec/nuclei-tps/blob/main/http/vulnerabilities/hikvision/hikvision-csmp-installation-rce.yaml"
},
{
"url": "https://forum.butian.net/article/498"
},
{
"url": "https://xz.aliyun.com/news/14639"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-58274",
"datePublished": "2025-10-22T00:00:00.000Z",
"dateReserved": "2025-10-22T00:00:00.000Z",
"dateUpdated": "2025-10-22T13:55:16.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53691 (GCVE-0-2023-53691)
Vulnerability from nvd – Published: 2025-10-22 00:00 – Updated: 2025-10-22 13:56
VLAI
KEVIntel
Summary
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025.
Severity
8.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | CSMP iSecure Center |
Affected:
0 , ≤ 2023-06-25
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53691",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T13:56:40.313239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:56:44.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://zhuanlan.zhihu.com/p/639514473"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CSMP iSecure Center",
"vendor": "Hikvision",
"versions": [
{
"lessThanOrEqual": "2023-06-25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:42:57.265Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://zhuanlan.zhihu.com/p/639514473"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-53691",
"datePublished": "2025-10-22T00:00:00.000Z",
"dateReserved": "2025-10-22T00:00:00.000Z",
"dateUpdated": "2025-10-22T13:56:44.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28815 (GCVE-0-2023-28815)
Vulnerability from nvd – Published: 2025-10-17 11:07 – Updated: 2025-10-17 12:10
VLAI
Summary
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | iSecure Center |
Affected:
V1.0.0 - V1.7.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T12:10:12.884691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T12:10:16.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iSecure Center",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.0.0 - V1.7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "hsrc"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some versions of Hikvision\u0027s iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China\u0027s domestic market only, with no overseas release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T11:07:26.306Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-04/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28815",
"datePublished": "2025-10-17T11:07:26.306Z",
"dateReserved": "2023-03-23T19:49:08.441Z",
"dateUpdated": "2025-10-17T12:10:16.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28814 (GCVE-0-2023-28814)
Vulnerability from nvd – Published: 2025-10-17 11:07 – Updated: 2025-10-17 13:04
VLAI
Summary
Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | iSecure Center |
Affected:
V1.0.0 - V1.7.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T13:04:13.622732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T13:04:24.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iSecure Center",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.0.0 - V1.7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "hsrc"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some versions of Hikvision\u0027s iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China\u0027s domestic market only, with no overseas release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T11:07:06.801Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-03/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28814",
"datePublished": "2025-10-17T11:07:06.801Z",
"dateReserved": "2023-03-23T19:49:08.440Z",
"dateUpdated": "2025-10-17T13:04:24.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39247 (GCVE-0-2025-39247)
Vulnerability from nvd – Published: 2025-08-29 01:40 – Updated: 2025-08-29 13:32
VLAI
Summary
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | HikCentral Professional |
Affected:
Versions between V2.3.1 and V2.6.2
|
|
| Hikvision | HikCentral Professional |
Affected:
Version V3.0.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T13:32:15.480416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T13:32:18.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HikCentral Professional",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions between V2.3.1 and V2.6.2"
}
]
},
{
"product": "HikCentral Professional",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Version V3.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dr. Matthias Lutter"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T01:40:31.553Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-39247",
"datePublished": "2025-08-29T01:40:31.553Z",
"dateReserved": "2025-04-16T05:37:51.248Z",
"dateUpdated": "2025-08-29T13:32:18.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39246 (GCVE-0-2025-39246)
Vulnerability from nvd – Published: 2025-08-29 01:39 – Updated: 2025-08-29 13:32
VLAI
Summary
There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | HikCentral FocSign |
Affected:
Versions between V1.4.0 and V2.2.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T13:32:36.393721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T13:32:53.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HikCentral FocSign",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions between V1.4.0 and V2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eduardo Bido"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T01:39:53.653Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-39246",
"datePublished": "2025-08-29T01:39:53.653Z",
"dateReserved": "2025-04-16T05:37:51.248Z",
"dateUpdated": "2025-08-29T13:32:53.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39245 (GCVE-0-2025-39245)
Vulnerability from nvd – Published: 2025-08-29 01:38 – Updated: 2025-08-29 13:33
VLAI
Summary
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
Severity
4.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1236 - Improper Neutralization of Formula Elements in a CSV File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | HikCentral Master Lite |
Affected:
Versions between V2.2.1 and V2.3.2
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T13:33:21.122215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T13:33:42.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HikCentral Master Lite",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions between V2.2.1 and V2.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yousef Alfuhaid"
},
{
"lang": "en",
"type": "finder",
"value": "Nader Alharbi"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T01:38:46.917Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-39245",
"datePublished": "2025-08-29T01:38:46.917Z",
"dateReserved": "2025-04-16T05:37:51.248Z",
"dateUpdated": "2025-08-29T13:33:42.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-32684 (GCVE-0-2026-32684)
Vulnerability from cvelistv5 – Published: 2026-05-12 10:51 – Updated: 2026-06-02 16:04
VLAI
Summary
The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | Hik-Connect APP |
Affected:
V6.10.x
Unaffected: V6.12.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T12:06:07.612844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T16:04:38.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Hik-Connect APP",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V6.10.x"
},
{
"status": "unaffected",
"version": "V6.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yi\u011fithan Y\u00fcceda\u011f"
}
],
"descriptions": [
{
"lang": "en",
"value": "The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T10:51:08.585Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://pinfo.hikvision.com/hkwsen/unzip/20260511114030_14652_doc/GUID-A47A8570-631E-4F62-BCEE-37E9F2983DD7.html"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-32684",
"datePublished": "2026-05-12T10:51:08.585Z",
"dateReserved": "2026-03-13T07:45:08.745Z",
"dateUpdated": "2026-06-02T16:04:38.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3828 (GCVE-0-2026-3828)
Vulnerability from cvelistv5 – Published: 2026-05-09 08:27 – Updated: 2026-05-11 15:22
VLAI
Summary
Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-3E1310P-SI |
Affected:
Versions below V1.2.4_210623 (including V1.2.4_210623)
|
|
| Hikvision | DS-3E1318P-SI |
Affected:
Versions below V1.2.0_210823 (including V1.2.0_210823)
|
|
| Hikvision | DS-3E1326P-SI |
Affected:
Versions below V1.2.0_210823 (including V1.2.0_210823)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T15:22:31.962279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T15:22:55.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-3E1310P-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.2.4_210623 (including V1.2.4_210623)"
}
]
},
{
"product": "DS-3E1318P-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.2.0_210823 (including V1.2.0_210823)"
}
]
},
{
"product": "DS-3E1326P-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.2.0_210823 (including V1.2.0_210823)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thiago Torres (torresm)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-09T08:27:55.964Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-switch-product/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-3828",
"datePublished": "2026-05-09T08:27:55.964Z",
"dateReserved": "2026-03-09T09:20:38.428Z",
"dateUpdated": "2026-05-11T15:22:55.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1749 (GCVE-0-2026-1749)
Vulnerability from cvelistv5 – Published: 2026-05-09 08:27 – Updated: 2026-05-11 15:21
VLAI
Summary
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | HikCentral Professional |
Affected:
V2.4.0~V3.0.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T15:21:36.019611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T15:21:55.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HikCentral Professional",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V2.4.0~V3.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ayoub ELMOKHTAR from the Offensive Security Team (Noon)"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-09T08:27:15.849Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-hikcentral-professional/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-1749",
"datePublished": "2026-05-09T08:27:15.849Z",
"dateReserved": "2026-02-02T02:00:26.271Z",
"dateUpdated": "2026-05-11T15:21:55.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0709 (GCVE-0-2026-0709)
Vulnerability from cvelistv5 – Published: 2026-01-30 11:01 – Updated: 2026-02-27 14:49
VLAI
Summary
Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-3WAP521-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP522-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP621E-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP622E-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP623E-SI |
Affected:
V1.1.6303 build250812 and earlier
|
|
| Hikvision | DS-3WAP622G-SI |
Affected:
V1.1.6303 build250812 and earlier
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0709",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T12:13:24.741883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T14:49:22.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-3WAP521-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP522-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP621E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP622E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP623E-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
},
{
"product": "DS-3WAP622G-SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.1.6303 build250812 and earlier"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "exzettabyte"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T11:01:55.633Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/command-execution-vulnerability-in-some-hikvision-wireless-access-point-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2026-0709",
"datePublished": "2026-01-30T11:01:55.633Z",
"dateReserved": "2026-01-08T05:49:12.677Z",
"dateUpdated": "2026-02-27T14:49:22.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66177 (GCVE-0-2025-66177)
Vulnerability from cvelistv5 – Published: 2026-01-13 01:47 – Updated: 2026-01-13 17:27
VLAI
Summary
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
99 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-96xxxNI-Hx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxxNI-Ix |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxNXI-Sx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxxNXI-Sx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Mx/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxNXI-Mx/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxNXI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxxNXI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-86xxxNXI-Mx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Ix/S |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-Ix/S |
Affected:
Build date before 250807
|
|
| Hikvision | DS-86xxNXI-Ix/S |
Affected:
Build date before 250807
|
|
| Hikvision | DS-96xxNXI-Ix/S |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Ix/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-Ix/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Kx(/xP) including(D)、(E)、(B) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-Kx(/xP) including(D)、(E)、(B) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-Kx(/xP)/Vpro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-Kx(/xP)/Vpro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNI-Qx(/xP) including(D)、(E) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-71xxNI-Q1(/xP)/M |
Affected:
Build date before 250807
|
|
| Hikvision | DS-71xxNI-Q1(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-710xNI-G1/(xP)/M |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNI-Q1(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNI-Q2(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-K1(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-K2(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-K4(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-86xxNXI-K8(/xP) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-K1(/xP)/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-76xxNXI-K2(/xP)/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | DS-77xxNXI-K4(/xP)/VPro |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHGHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHGHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHQHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHQHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHQHI-Mx/XT |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-Mx/XT |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHTHI-Mx/XT |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-90xxHUHI-M8/S(S) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-73xxHUHI-M4/S(S) |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-81xxHUHI-M8/S(S) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-71xxHGHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-72xxHGHI-M1(/T) |
Affected:
Build date before 250807
|
|
| Hikvision | DS-ExxHGHI-xx |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHQHI-M1/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHQHI-M1/E |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHQHI-M1/T |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHQHI-M1/T |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-73xxHQHI-M4/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-81xxHQHI-M8/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-90xxHQHI-M8/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-ExxHQHI-xx |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-71xxHUHI-M1/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-M1/E |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-M1/T |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-72xxHUHI-Mx/PXT |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-73xxHUHI-M4/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-90xxHUHI-M8/S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-ExxHUHI-xx |
Affected:
Build date before 250807
|
|
| Hikvision | DS-A806xxSI |
Affected:
Build date before 250807
|
|
| Hikvision | DS-AT1000SI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxxNXI-Hx |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96064NXI-I16 |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxxNXI-Ix/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-76xxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-77xxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxxNXI-Mx/X |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxxNXI-Hx/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxNXI-Mx/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-Mx/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxxNXI-Mx/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-S/T |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-S |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-6704NXI/AI |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-67xxNXI-P1 |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-7608NXI-P2 |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-77xxNXI-P4 |
Affected:
Build date before 250807
|
|
| Hikvision | iDS-96xxNXI-Px |
Affected:
Build date before 250807
|
|
| Hikvision | DS-2CD1xxxG2 |
Affected:
Versions below V5.7.13_230822 (including V5.7.13_230822)
|
|
| Hikvision | DS-2CD3xx1G2 |
Affected:
Versions below V5.7.13_230822 (including V5.7.13_230822)
|
|
| Hikvision | HWI-xxxxHA |
Affected:
Versions below V5.7.13_230822 (including V5.7.13_230822)
|
|
| Hikvision | IPC-xxxxHA |
Affected:
Versions below V5.7.13_230822 (including V5.7.13_230822)
|
|
| Hikvision | DS-2CD2Dx5G1 |
Affected:
Versions below V5.7.210_240826 (including V5.7.210_240826)
|
|
| Hikvision | DS-2CD64x5G1 |
Affected:
Versions below V5.7.210_240826 (including V5.7.210_240826)
|
|
| Hikvision | DS-2CD29xxG0 |
Affected:
Versions below V5.7.21_240814 (including V5.7.21_240814)
|
|
| Hikvision | DS-2XE6xxxG0 |
Affected:
Versions below V5.7.7build241203 (including V5.7.7build241203)
|
|
| Hikvision | DS-2XC6xxxG0 |
Affected:
Versions below V5.7.7build241203 (including V5.7.7build241203)
|
|
| Hikvision | DS-2CD1xxxG0(T) |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | DS-2CD1xx1 |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | DS-2CD3xx1G0 |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | DS-2CD2xx1G0 |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | IPC-xxxxH |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
|
| Hikvision | HWI-xxxH(C) |
Affected:
Versions below V5.7.23_241015 (including V5.7.23_241015)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T14:26:06.385030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:27:13.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-96xxxNI-Hx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxxNI-Ix",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxNXI-Sx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxxNXI-Sx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Mx/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxNXI-Mx/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxNXI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxxNXI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-86xxxNXI-Mx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Ix/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-Ix/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-86xxNXI-Ix/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-96xxNXI-Ix/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Ix/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-Ix/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Kx(/xP) including(D)\u3001(E)\u3001(B)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-Kx(/xP) including(D)\u3001(E)\u3001(B)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-Kx(/xP)/Vpro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-Kx(/xP)/Vpro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNI-Qx(/xP) including(D)\u3001(E)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxNI-Q1(/xP)/M",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxNI-Q1(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-710xNI-G1/(xP)/M",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxNI-Q1(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxNI-Q1(/xP)/M",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNI-Q1(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNI-Q2(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-K1(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-K2(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-K4(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-86xxNXI-K8(/xP)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-K1(/xP)/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-76xxNXI-K2(/xP)/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-77xxNXI-K4(/xP)/VPro",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHGHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHGHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHQHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHTHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-90xxHUHI-M8/S(S)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-73xxHUHI-M4/S(S)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-81xxHUHI-M8/S(S)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-71xxHGHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-72xxHGHI-M1(/T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-ExxHGHI-xx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHQHI-M1/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-M1/E",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHQHI-M1/T",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-M1/T",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHQHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-73xxHQHI-M4/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-81xxHQHI-M8/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-90xxHQHI-M8/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-ExxHQHI-xx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-71xxHUHI-M1/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-M1/E",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-M1/T",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHUHI-Mx/PXT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-73xxHUHI-M4/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-90xxHUHI-M8/S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-ExxHUHI-xx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-72xxHTHI-Mx/XT",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-A806xxSI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-AT1000SI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxxNXI-Hx",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96064NXI-I16",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxxNXI-Ix/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-76xxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-77xxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxxNXI-Mx/X",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxxNXI-Hx/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxNXI-Mx/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-Mx/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxxNXI-Mx/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-S/T",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-S",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-6704NXI/AI",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-67xxNXI-P1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-7608NXI-P2",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-77xxNXI-P4",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "iDS-96xxNXI-Px",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Build date before 250807"
}
]
},
{
"product": "DS-2CD1xxxG2",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.13_230822 (including V5.7.13_230822)"
}
]
},
{
"product": "DS-2CD3xx1G2",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.13_230822 (including V5.7.13_230822)"
}
]
},
{
"product": "HWI-xxxxHA",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.13_230822 (including V5.7.13_230822)"
}
]
},
{
"product": "IPC-xxxxHA",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.13_230822 (including V5.7.13_230822)"
}
]
},
{
"product": "DS-2CD2Dx5G1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.210_240826 (including V5.7.210_240826)"
}
]
},
{
"product": "DS-2CD64x5G1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.210_240826 (including V5.7.210_240826)"
}
]
},
{
"product": "DS-2CD29xxG0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.21_240814 (including V5.7.21_240814)"
}
]
},
{
"product": "DS-2XE6xxxG0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.7build241203 (including V5.7.7build241203)"
}
]
},
{
"product": "DS-2XC6xxxG0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.7build241203 (including V5.7.7build241203)"
}
]
},
{
"product": "DS-2CD1xxxG0(T)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "DS-2CD1xx1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "DS-2CD3xx1G0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "DS-2CD2xx1G0",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "IPC-xxxxH",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
},
{
"product": "HWI-xxxH(C)",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V5.7.23_241015 (including V5.7.23_241015)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angel Lozano Alcazar"
},
{
"lang": "en",
"type": "finder",
"value": "Pedro Guillen Nu\u00f1ez"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T01:47:54.031Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66177",
"datePublished": "2026-01-13T01:47:54.031Z",
"dateReserved": "2025-11-24T08:59:35.903Z",
"dateUpdated": "2026-01-13T17:27:13.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66176 (GCVE-0-2025-66176)
Vulnerability from cvelistv5 – Published: 2026-01-13 01:47 – Updated: 2026-03-18 15:28
VLAI
Summary
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-K1T331 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T341A/K1T341B |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T671/K5671 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T672 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T680 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T981 |
Affected:
Versions below V3.7.80
|
|
| Hikvision | DS-K1T341C |
Affected:
Versions below V3.3.180
|
|
| Hikvision | DS-K1T670/K1T673 |
Affected:
Versions below V4.48.0
|
|
| Hikvision | DS-K1T8003 |
Affected:
Versions below V1.4.21
|
|
| Hikvision | DS-K1T804A |
Affected:
Versions below V1.4.22
|
|
| Hikvision | DS-K1T8003/8004 |
Affected:
Versions below V1.4.21
|
|
| Hikvision | DS-K1T804B |
Affected:
Versions below V1.4.23
|
|
| Hikvision | DS-K1T201A/K1T105A |
Affected:
Versions below V1.3.65
|
|
| Hikvision | DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43 |
Affected:
Versions below V4.48.0
|
|
| Hikvision | DS-K1T8005/DS-K1T808 |
Affected:
Versions below V3.25.40
|
|
| Hikvision | DS-K1T320/DS-K1T321 |
Affected:
Versions below V3.9.40
|
|
| Hikvision | DS-K1T323/DS-K1T510 |
Affected:
Versions below V4.23.41
|
|
| Hikvision | DS-K5033 |
Affected:
Versions below V4.37.40
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-13T14:32:35.447766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T17:28:04.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-03-18T15:28:09.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DS-K1T331",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T341A/K1T341B",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T671/K5671",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T672",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T680",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T981",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.7.80"
}
]
},
{
"product": "DS-K1T341C",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.3.180"
}
]
},
{
"product": "DS-K1T670/K1T673",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.48.0"
}
]
},
{
"product": "DS-K1T8003",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.21"
}
]
},
{
"product": "DS-K1T804A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.22"
}
]
},
{
"product": "DS-K1T8003/8004",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.21"
}
]
},
{
"product": "DS-K1T804A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.22"
}
]
},
{
"product": "DS-K1T804B",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.4.23"
}
]
},
{
"product": "DS-K1T201A/K1T105A",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V1.3.65"
}
]
},
{
"product": "DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.48.0"
}
]
},
{
"product": "DS-K1T8005/DS-K1T808",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.25.40"
}
]
},
{
"product": "DS-K1T320/DS-K1T321",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V3.9.40"
}
]
},
{
"product": "DS-K1T323/DS-K1T510",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.23.41"
}
]
},
{
"product": "DS-K5033",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.37.40"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matt Wiseman of Cisco Talos"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T01:56:32.572Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66176",
"datePublished": "2026-01-13T01:47:27.191Z",
"dateReserved": "2025-11-24T08:59:35.903Z",
"dateUpdated": "2026-03-18T15:28:09.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66174 (GCVE-0-2025-66174)
Vulnerability from cvelistv5 – Published: 2025-12-19 06:39 – Updated: 2025-12-19 15:41
VLAI
Summary
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-7104HGHI-F1 |
Affected:
Versions below V4.30.122_201107 (including V4.30.122_201107)
|
|
| Hikvision | DS-7204HGHI-F1 |
Affected:
Versions below V4.30.122_201107 (including V4.30.122_201107)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:41:12.037984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:41:32.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-7104HGHI-F1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
}
]
},
{
"product": "DS-7204HGHI-F1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aaron J Jose"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T06:45:55.453Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66174",
"datePublished": "2025-12-19T06:39:51.404Z",
"dateReserved": "2025-11-24T08:59:35.903Z",
"dateUpdated": "2025-12-19T15:41:32.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66173 (GCVE-0-2025-66173)
Vulnerability from cvelistv5 – Published: 2025-12-19 06:39 – Updated: 2025-12-19 15:40
VLAI
Summary
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | DS-7104HGHI-F1 |
Affected:
Versions below V4.30.122_201107 (including V4.30.122_201107)
|
|
| Hikvision | DS-7204HGHI-F1 |
Affected:
Versions below V4.30.122_201107 (including V4.30.122_201107)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T15:40:25.549400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T15:40:52.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DS-7104HGHI-F1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
}
]
},
{
"product": "DS-7204HGHI-F1",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aaron J Jose"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-19T06:45:40.814Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-66173",
"datePublished": "2025-12-19T06:39:38.504Z",
"dateReserved": "2025-11-24T08:59:35.902Z",
"dateUpdated": "2025-12-19T15:40:52.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-58274 (GCVE-0-2024-58274)
Vulnerability from cvelistv5 – Published: 2025-10-22 00:00 – Updated: 2025-10-22 13:55
VLAI
KEVIntel
Summary
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.
Severity
8.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | CSMP iSecure Center |
Affected:
0 , ≤ 2024-08-01
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T13:55:11.718588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:55:16.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://xz.aliyun.com/news/14639"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CSMP iSecure Center",
"vendor": "Hikvision",
"versions": [
{
"lessThanOrEqual": "2024-08-01",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:45:04.855Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/ahisec/nuclei-tps/blob/main/http/vulnerabilities/hikvision/hikvision-csmp-installation-rce.yaml"
},
{
"url": "https://forum.butian.net/article/498"
},
{
"url": "https://xz.aliyun.com/news/14639"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-58274",
"datePublished": "2025-10-22T00:00:00.000Z",
"dateReserved": "2025-10-22T00:00:00.000Z",
"dateUpdated": "2025-10-22T13:55:16.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53691 (GCVE-0-2023-53691)
Vulnerability from cvelistv5 – Published: 2025-10-22 00:00 – Updated: 2025-10-22 13:56
VLAI
KEVIntel
Summary
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025.
Severity
8.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | CSMP iSecure Center |
Affected:
0 , ≤ 2023-06-25
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53691",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T13:56:40.313239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T13:56:44.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://zhuanlan.zhihu.com/p/639514473"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CSMP iSecure Center",
"vendor": "Hikvision",
"versions": [
{
"lessThanOrEqual": "2023-06-25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T03:42:57.265Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://zhuanlan.zhihu.com/p/639514473"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-53691",
"datePublished": "2025-10-22T00:00:00.000Z",
"dateReserved": "2025-10-22T00:00:00.000Z",
"dateUpdated": "2025-10-22T13:56:44.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28815 (GCVE-0-2023-28815)
Vulnerability from cvelistv5 – Published: 2025-10-17 11:07 – Updated: 2025-10-17 12:10
VLAI
Summary
Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | iSecure Center |
Affected:
V1.0.0 - V1.7.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T12:10:12.884691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T12:10:16.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iSecure Center",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.0.0 - V1.7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "hsrc"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some versions of Hikvision\u0027s iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China\u0027s domestic market only, with no overseas release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T11:07:26.306Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-04/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28815",
"datePublished": "2025-10-17T11:07:26.306Z",
"dateReserved": "2023-03-23T19:49:08.441Z",
"dateUpdated": "2025-10-17T12:10:16.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28814 (GCVE-0-2023-28814)
Vulnerability from cvelistv5 – Published: 2025-10-17 11:07 – Updated: 2025-10-17 13:04
VLAI
Summary
Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | iSecure Center |
Affected:
V1.0.0 - V1.7.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T13:04:13.622732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T13:04:24.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iSecure Center",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "V1.0.0 - V1.7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "hsrc"
}
],
"descriptions": [
{
"lang": "en",
"value": "Some versions of Hikvision\u0027s iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China\u0027s domestic market only, with no overseas release."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T11:07:06.801Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/2023-03/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2023-28814",
"datePublished": "2025-10-17T11:07:06.801Z",
"dateReserved": "2023-03-23T19:49:08.440Z",
"dateUpdated": "2025-10-17T13:04:24.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39247 (GCVE-0-2025-39247)
Vulnerability from cvelistv5 – Published: 2025-08-29 01:40 – Updated: 2025-08-29 13:32
VLAI
Summary
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | HikCentral Professional |
Affected:
Versions between V2.3.1 and V2.6.2
|
|
| Hikvision | HikCentral Professional |
Affected:
Version V3.0.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T13:32:15.480416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T13:32:18.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HikCentral Professional",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions between V2.3.1 and V2.6.2"
}
]
},
{
"product": "HikCentral Professional",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Version V3.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dr. Matthias Lutter"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T01:40:31.553Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-39247",
"datePublished": "2025-08-29T01:40:31.553Z",
"dateReserved": "2025-04-16T05:37:51.248Z",
"dateUpdated": "2025-08-29T13:32:18.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39246 (GCVE-0-2025-39246)
Vulnerability from cvelistv5 – Published: 2025-08-29 01:39 – Updated: 2025-08-29 13:32
VLAI
Summary
There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hikvision | HikCentral FocSign |
Affected:
Versions between V1.4.0 and V2.2.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T13:32:36.393721Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T13:32:53.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HikCentral FocSign",
"vendor": "Hikvision",
"versions": [
{
"status": "affected",
"version": "Versions between V1.4.0 and V2.2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eduardo Bido"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T01:39:53.653Z",
"orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"shortName": "hikvision"
},
"references": [
{
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/"
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
"assignerShortName": "hikvision",
"cveId": "CVE-2025-39246",
"datePublished": "2025-08-29T01:39:53.653Z",
"dateReserved": "2025-04-16T05:37:51.248Z",
"dateUpdated": "2025-08-29T13:32:53.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201705-3762
Vulnerability from variot - Updated: 2026-03-07 23:48An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. plural Hikvision The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HikvisionCameras is a camera produced by Haikang. A number of HikvisionCameras have an incorrect authentication vulnerability. Multiple Hikvision Cameras are prone to an information-disclosure vulnerability and an authentication-bypass vulnerability. Other attacks are also possible. Hikvision DS-2CD2xx2F-I Series are all network camera products of China Hikvision Company
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "ds-2cd4332fwd-i\\",
"scope": "eq",
"trust": 4.8,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4324f-i\\",
"scope": "eq",
"trust": 4.8,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4312f-i\\",
"scope": "eq",
"trust": 3.6,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4212f-i\\",
"scope": "eq",
"trust": 3.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4032fwd-\\",
"scope": "eq",
"trust": 3.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4024f-\\",
"scope": "eq",
"trust": 3.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4012f-\\",
"scope": "eq",
"trust": 3.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4232fwd-i\\",
"scope": "eq",
"trust": 3.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4012fwd-\\",
"scope": "eq",
"trust": 3.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4224f-i\\",
"scope": "eq",
"trust": 3.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4212fwd-i\\",
"scope": "eq",
"trust": 3.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4012f-",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4012fwd-",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4024f-",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4032fwd-",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4212f-i",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4212fwd-i",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4224f-i",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4232fwd-i",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4312f-i",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4324f-i",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4332fwd-i",
"scope": null,
"trust": 2.4,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd6412fwd",
"scope": "eq",
"trust": 1.6,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd63xx series",
"scope": "eq",
"trust": 1.6,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2dfx series",
"scope": "eq",
"trust": 1.6,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2512f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2t32-i3",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2712f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2412f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2t32-i8",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2632f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4112f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2612f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2312-i",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2132-i",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2532f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2112-i",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4132fwd-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2432f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2332-i",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4112fwd-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2212-i5",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2t32-i5",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2032-i",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2232-i5",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2732f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd4124f-i\\",
"scope": "eq",
"trust": 1.0,
"vendor": "hikvision",
"version": null
},
{
"_id": null,
"model": "ds-2cd2032-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2112-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2132-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2212-i5",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2232-i5",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2312-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2332-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2412f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2432f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2512f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2532f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2612f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2632f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2712f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2732f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2t32-i3",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2t32-i5",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2t32-i8",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4112f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4112fwd-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4124f-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd4132fwd-i",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd63xx series",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd6412fwd",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2dfx series",
"scope": null,
"trust": 0.8,
"vendor": "hikvision digital",
"version": null
},
{
"_id": null,
"model": "ds-2cd2xx2f-i series build build",
"scope": "gte",
"trust": 0.6,
"vendor": "hikvision",
"version": "v5.2.0140721,\u003c=v5.4.0160530"
},
{
"_id": null,
"model": "ds-2cd2xx0f-i series build build",
"scope": "gte",
"trust": 0.6,
"vendor": "hikvision",
"version": "v5.2.0140721,\u003c=v5.4.0160401"
},
{
"_id": null,
"model": "ds-2dfx series build build",
"scope": "gte",
"trust": 0.6,
"vendor": "hikvision",
"version": "v5.2.0140805,\u003c=v5.4.5160928"
},
{
"_id": null,
"model": "ds-2cd63xx series build build",
"scope": "gte",
"trust": 0.6,
"vendor": "hikvision",
"version": "v5.0.9140305,\u003c=v5.3.5160106"
},
{
"_id": null,
"model": "ds-2cd2xx2fwd series build build",
"scope": "gte",
"trust": 0.6,
"vendor": "hikvision",
"version": "v5.3.1150410,\u003c=v5.4.4161125"
},
{
"_id": null,
"model": "ds-2cd4x2xfwd series build build",
"scope": "gte",
"trust": 0.6,
"vendor": "hikvision",
"version": "v5.2.0140721,\u003c=v5.4.0160414"
},
{
"_id": null,
"model": "ds-2cd4xx5 series build build",
"scope": "gte",
"trust": 0.6,
"vendor": "hikvision",
"version": "v5.2.0140721,\u003c=v5.4.0160421"
},
{
"_id": null,
"model": "digital technology ds-2dfx series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4.5160928"
},
{
"_id": null,
"model": "digital technology ds-2dfx series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.2140805"
},
{
"_id": null,
"model": "digital technology ds-2cd63xx series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.3.5160106"
},
{
"_id": null,
"model": "digital technology ds-2cd63xx series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.0.9140305"
},
{
"_id": null,
"model": "digital technology ds-2cd4xx5 series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4160421"
},
{
"_id": null,
"model": "digital technology ds-2cd4xx5 series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.2140721"
},
{
"_id": null,
"model": "digital technology ds-2cd4x2xfwd series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4160414"
},
{
"_id": null,
"model": "digital technology ds-2cd4x2xfwd series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.2140721"
},
{
"_id": null,
"model": "digital technology ds-2cd2xx2fwd series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4.4161125"
},
{
"_id": null,
"model": "digital technology ds-2cd2xx2fwd series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.3.1150410"
},
{
"_id": null,
"model": "digital technology ds-2cd2xx2f-i series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4160530"
},
{
"_id": null,
"model": "digital technology ds-2cd2xx2f-i series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.2140721"
},
{
"_id": null,
"model": "digital technology ds-2cd2xx0f-i series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4160401"
},
{
"_id": null,
"model": "digital technology ds-2cd2xx0f-i series build",
"scope": "eq",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.2140721"
},
{
"_id": null,
"model": "digital technology ds-2dfx series build",
"scope": "ne",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4.9170123"
},
{
"_id": null,
"model": "digital technology ds-2cd63xx series build",
"scope": "ne",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4.5170206"
},
{
"_id": null,
"model": "digital technology ds-2cd4xx5 series build",
"scope": "ne",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4.5170302"
},
{
"_id": null,
"model": "digital technology ds-2cd4x2xfwd series build",
"scope": "ne",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4.5170228"
},
{
"_id": null,
"model": "digital technology ds-2cd2xx2fwd series build",
"scope": "ne",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4.5170124"
},
{
"_id": null,
"model": "digital technology ds-2cd2xx2f-i series build",
"scope": "ne",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4.5170123"
},
{
"_id": null,
"model": "digital technology ds-2cd2xx0f-i series build",
"scope": "ne",
"trust": 0.3,
"vendor": "hikvision",
"version": "5.4.5170123"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2032 i",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2112 i",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2132 i",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2212 i5",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2232 i5",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2312 i",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2332 i",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2412f i w",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2432f i w",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2512f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2532f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2612f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2632f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2712f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2732f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2t32 i3",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2t32 i5",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd2t32 i8",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4012f a",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4012f p",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4012f w",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4012fwd a",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4012fwd p",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4012fwd w",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4024f a",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4024f p",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4024f w",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4032fwd a",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4032fwd p",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4032fwd w",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4112f i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4112fwd i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4124f i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4132fwd i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4212f i h",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4212f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4212f i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4212fwd i h",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4212fwd i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4212fwd i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4224f i h",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4224f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4224f i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4232fwd i h",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4232fwd i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4232fwd i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4312f i h",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4312f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4312f i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4324f i h",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4324f i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4324f i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4332fwd i h",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4332fwd i s",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd4332fwd i z",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd6412fwd",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2dfx series",
"version": null
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ds 2cd63xx series",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06977"
},
{
"db": "BID",
"id": "98313"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1049"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003961"
},
{
"db": "NVD",
"id": "CVE-2017-7921"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2032-i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2112-i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2132-i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2212-i5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2232-i5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2312-i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2332-i_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2412f-i%28w%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2432f-i%28w%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2512f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2532f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2612f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2632f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2712f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2732f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2t32-i3_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2t32-i5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd2t32-i8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4012f-%28a%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4012f-%28p%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4012f-%28w%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4012fwd-%28a%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4012fwd-%28p%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4012fwd-%28w%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4024f-%28a%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4024f-%28p%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4024f-%28w%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4032fwd-%28a%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4032fwd-%28p%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4032fwd-%28w%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4112f-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4112fwd-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4124f-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4132fwd-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4212f-i%28h%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4212f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4212f-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4212fwd-i%28h%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4212fwd-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4212fwd-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4224f-i%28h%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4224f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4224f-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4232fwd-i%28h%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4232fwd-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4232fwd-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4312f-i%28h%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4312f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4312f-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4324f-i%28h%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4324f-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4324f-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4332fwd-i%28h%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4332fwd-i%28s%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd4332fwd-i%28z%29_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd63xx_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2cd6412fwd_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hikvision:ds-2dfx_series_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003961"
}
]
},
"credits": {
"_id": null,
"data": "Montecrypto",
"sources": [
{
"db": "BID",
"id": "98313"
}
],
"trust": 0.3
},
"cve": "CVE-2017-7921",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7921",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-06977",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-116124",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7921",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7921",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7921",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2017-7921",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-7921",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-06977",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1049",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-116124",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-7921",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06977"
},
{
"db": "VULHUB",
"id": "VHN-116124"
},
{
"db": "VULMON",
"id": "CVE-2017-7921"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1049"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003961"
},
{
"db": "NVD",
"id": "CVE-2017-7921"
},
{
"db": "NVD",
"id": "CVE-2017-7921"
}
]
},
"description": {
"_id": null,
"data": "An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. plural Hikvision The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HikvisionCameras is a camera produced by Haikang. A number of HikvisionCameras have an incorrect authentication vulnerability. Multiple Hikvision Cameras are prone to an information-disclosure vulnerability and an authentication-bypass vulnerability. Other attacks are also possible. Hikvision DS-2CD2xx2F-I Series are all network camera products of China Hikvision Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7921"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003961"
},
{
"db": "CNVD",
"id": "CNVD-2017-06977"
},
{
"db": "BID",
"id": "98313"
},
{
"db": "IVD",
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a"
},
{
"db": "VULHUB",
"id": "VHN-116124"
},
{
"db": "VULMON",
"id": "CVE-2017-7921"
}
],
"trust": 2.79
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-7921",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-124-01",
"trust": 2.9
},
{
"db": "BID",
"id": "98313",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1049",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-06977",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92379282",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003961",
"trust": 0.8
},
{
"db": "IVD",
"id": "452557E5-8B2A-4CCF-8F68-5C107568FE4A",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116124",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-7921",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06977"
},
{
"db": "VULHUB",
"id": "VHN-116124"
},
{
"db": "VULMON",
"id": "CVE-2017-7921"
},
{
"db": "BID",
"id": "98313"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1049"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003961"
},
{
"db": "NVD",
"id": "CVE-2017-7921"
}
]
},
"id": "VAR-201705-3762",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06977"
},
{
"db": "VULHUB",
"id": "VHN-116124"
}
],
"trust": 1.792857142857143
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a"
},
{
"db": "CNVD",
"id": "CNVD-2017-06977"
}
]
},
"last_update_date": "2026-03-07T23:48:05.304000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HSRC-201703-04",
"trust": 1.6,
"url": "http://www.hikvision.com/us/about_10805.html"
},
{
"title": "Patches for multiple HikvisionCameras incorrect authentication vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93982"
},
{
"title": "hikvision_CVE-2017-7921_auth_bypass_config_decryptor",
"trust": 0.1,
"url": "https://github.com/chrisjd20/hikvision_CVE-2017-7921_auth_bypass_config_decryptor "
},
{
"title": "CVE-2017-7921-EXP",
"trust": 0.1,
"url": "https://github.com/JrDw0/CVE-2017-7921-EXP "
},
{
"title": "CVE_2017_7921_EXP",
"trust": 0.1,
"url": "https://github.com/A403/CVE_2017_7921_EXP "
},
{
"title": "cve-2017-7921-golang",
"trust": 0.1,
"url": "https://github.com/MisakaMikato/cve-2017-7921-golang "
},
{
"title": "CVE-2017-7921",
"trust": 0.1,
"url": "https://github.com/BurnyMcDull/CVE-2017-7921 "
},
{
"title": "VulWiki",
"trust": 0.1,
"url": "https://github.com/Ares-X/VulWiki "
},
{
"title": "Wiki",
"trust": 0.1,
"url": "https://github.com/nosafer/Wiki "
},
{
"title": "wiki",
"trust": 0.1,
"url": "https://github.com/nosafer/wiki "
},
{
"title": "yougar0.github.io",
"trust": 0.1,
"url": "https://github.com/yougar0/yougar0.github.io "
},
{
"title": "nosafer.github.io",
"trust": 0.1,
"url": "https://github.com/nosafer/nosafer.github.io "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/Elsfa7-110/kenzer-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/ARPSyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06977"
},
{
"db": "VULMON",
"id": "CVE-2017-7921"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003961"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116124"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003961"
},
{
"db": "NVD",
"id": "CVE-2017-7921"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-124-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/98313"
},
{
"trust": 1.8,
"url": "http://www.hikvision.com/us/about_10805.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7921"
},
{
"trust": 1.2,
"url": "https://ghostbin.com/paste/q2vq2"
},
{
"trust": 1.0,
"url": "https://www.hikvision.com/cn/support/cybersecuritycenter/securitynotices/20170314/"
},
{
"trust": 1.0,
"url": "https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2017-7921"
},
{
"trust": 1.0,
"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--privilege-escalating-vulnerability-in-cer/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7921"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92379282/index.html"
},
{
"trust": 0.8,
"url": "https://ipcamtalk.com/threads/backdoor-found-in-hikvision-cameras.17523/"
},
{
"trust": 0.3,
"url": "http://hikvision.com/en/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56496"
},
{
"trust": 0.1,
"url": "https://github.com/chrisjd20/hikvision_cve-2017-7921_auth_bypass_config_decryptor"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06977"
},
{
"db": "VULHUB",
"id": "VHN-116124"
},
{
"db": "VULMON",
"id": "CVE-2017-7921"
},
{
"db": "BID",
"id": "98313"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1049"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003961"
},
{
"db": "NVD",
"id": "CVE-2017-7921"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2017-06977",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-116124",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2017-7921",
"ident": null
},
{
"db": "BID",
"id": "98313",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1049",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003961",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-7921",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2017-05-19T00:00:00",
"db": "IVD",
"id": "452557e5-8b2a-4ccf-8f68-5c107568fe4a",
"ident": null
},
{
"date": "2017-05-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06977",
"ident": null
},
{
"date": "2017-05-06T00:00:00",
"db": "VULHUB",
"id": "VHN-116124",
"ident": null
},
{
"date": "2017-05-06T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7921",
"ident": null
},
{
"date": "2017-05-04T00:00:00",
"db": "BID",
"id": "98313",
"ident": null
},
{
"date": "2017-04-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1049",
"ident": null
},
{
"date": "2017-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003961",
"ident": null
},
{
"date": "2017-05-06T00:29:00.350000",
"db": "NVD",
"id": "CVE-2017-7921",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2017-05-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06977",
"ident": null
},
{
"date": "2017-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-116124",
"ident": null
},
{
"date": "2017-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2017-7921",
"ident": null
},
{
"date": "2017-05-23T16:23:00",
"db": "BID",
"id": "98313",
"ident": null
},
{
"date": "2017-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1049",
"ident": null
},
{
"date": "2017-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003961",
"ident": null
},
{
"date": "2026-03-05T20:16:08.180000",
"db": "NVD",
"id": "CVE-2017-7921",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1049"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "plural Hikvision Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003961"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1049"
}
],
"trust": 0.6
}
}