CVE-2025-66176 (GCVE-0-2025-66176)

Vulnerability from cvelistv5 – Published: 2026-01-13 01:47 – Updated: 2026-01-13 17:28
VLAI?
Summary
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Severity ?
8.8 (High)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Hikvision DS-K1T331 Affected: Versions below V3.7.80
Create a notification for this product.
    Hikvision DS-K1T341A/K1T341B Affected: Versions below V3.7.80
Create a notification for this product.
    Hikvision DS-K1T671/K5671 Affected: Versions below V3.7.80
Create a notification for this product.
    Hikvision DS-K1T672 Affected: Versions below V3.7.80
Create a notification for this product.
    Hikvision DS-K1T680 Affected: Versions below V3.7.80
Create a notification for this product.
    Hikvision DS-K1T981 Affected: Versions below V3.7.80
Create a notification for this product.
    Hikvision DS-K1T341C Affected: Versions below V3.3.180
Create a notification for this product.
    Hikvision DS-K1T670/K1T673 Affected: Versions below V4.48.0
Create a notification for this product.
    Hikvision DS-K1T8003 Affected: Versions below V1.4.21
Create a notification for this product.
    Hikvision DS-K1T804A Affected: Versions below V1.4.22
Create a notification for this product.
    Hikvision DS-K1T8003/8004 Affected: Versions below V1.4.21
Create a notification for this product.
    Hikvision DS-K1T804A Affected: Versions below V1.4.22
Create a notification for this product.
    Hikvision DS-K1T804B Affected: Versions below V1.4.23
Create a notification for this product.
    Hikvision DS-K1T201A/K1T105A Affected: Versions below V1.3.65
Create a notification for this product.
    Hikvision DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43 Affected: Versions below V4.48.0
Create a notification for this product.
    Hikvision DS-K1T8005/DS-K1T808 Affected: Versions below V3.25.40
Create a notification for this product.
    Hikvision DS-K1T320/DS-K1T321 Affected: Versions below V3.9.40
Create a notification for this product.
    Hikvision DS-K1T323/DS-K1T510 Affected: Versions below V4.23.41
Create a notification for this product.
    Hikvision DS-K5033 Affected: Versions below V4.37.40
Create a notification for this product.
Credits
Cisco Talos Team
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66176",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T14:32:35.447766Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-121",
                "description": "CWE-121 Stack-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T17:28:04.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DS-K1T331",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V3.7.80"
            }
          ]
        },
        {
          "product": "DS-K1T341A/K1T341B",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V3.7.80"
            }
          ]
        },
        {
          "product": "DS-K1T671/K5671",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V3.7.80"
            }
          ]
        },
        {
          "product": "DS-K1T672",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V3.7.80"
            }
          ]
        },
        {
          "product": "DS-K1T680",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V3.7.80"
            }
          ]
        },
        {
          "product": "DS-K1T981",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V3.7.80"
            }
          ]
        },
        {
          "product": "DS-K1T341C",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V3.3.180"
            }
          ]
        },
        {
          "product": "DS-K1T670/K1T673",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V4.48.0"
            }
          ]
        },
        {
          "product": "DS-K1T8003",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V1.4.21"
            }
          ]
        },
        {
          "product": "DS-K1T804A",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V1.4.22"
            }
          ]
        },
        {
          "product": "DS-K1T8003/8004",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V1.4.21"
            }
          ]
        },
        {
          "product": "DS-K1T804A",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V1.4.22"
            }
          ]
        },
        {
          "product": "DS-K1T804B",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V1.4.23"
            }
          ]
        },
        {
          "product": "DS-K1T201A/K1T105A",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V1.3.65"
            }
          ]
        },
        {
          "product": "DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V4.48.0"
            }
          ]
        },
        {
          "product": "DS-K1T8005/DS-K1T808",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V3.25.40"
            }
          ]
        },
        {
          "product": "DS-K1T320/DS-K1T321",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V3.9.40"
            }
          ]
        },
        {
          "product": "DS-K1T323/DS-K1T510",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V4.23.41"
            }
          ]
        },
        {
          "product": "DS-K5033",
          "vendor": "Hikvision",
          "versions": [
            {
              "status": "affected",
              "version": "Versions below V4.37.40"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cisco Talos Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T01:47:27.191Z",
        "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "shortName": "hikvision"
      },
      "references": [
        {
          "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.15"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
    "assignerShortName": "hikvision",
    "cveId": "CVE-2025-66176",
    "datePublished": "2026-01-13T01:47:27.191Z",
    "dateReserved": "2025-11-24T08:59:35.903Z",
    "dateUpdated": "2026-01-13T17:28:04.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-66176\",\"sourceIdentifier\":\"hsrc@hikvision.com\",\"published\":\"2026-01-13T03:16:01.097\",\"lastModified\":\"2026-01-13T18:16:06.060\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"hsrc@hikvision.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"references\":[{\"url\":\"https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/\",\"source\":\"hsrc@hikvision.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-66176\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-13T14:32:35.447766Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"CWE-121 Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-13T14:32:38.543Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Cisco Talos Team\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hikvision\", \"product\": \"DS-K1T331\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V3.7.80\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T341A/K1T341B\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V3.7.80\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T671/K5671\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V3.7.80\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T672\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V3.7.80\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T680\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V3.7.80\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T981\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V3.7.80\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T341C\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V3.3.180\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T670/K1T673\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V4.48.0\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T8003\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V1.4.21\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T804A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V1.4.22\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T8003/8004\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V1.4.21\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T804A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V1.4.22\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T804B\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V1.4.23\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T201A/K1T105A\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V1.3.65\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V4.48.0\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T8005/DS-K1T808\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V3.25.40\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T320/DS-K1T321\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V3.9.40\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K1T323/DS-K1T510\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V4.23.41\"}]}, {\"vendor\": \"Hikvision\", \"product\": \"DS-K5033\", \"versions\": [{\"status\": \"affected\", \"version\": \"Versions below V4.37.40\"}]}], \"references\": [{\"url\": \"https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/\"}], \"x_generator\": {\"engine\": \"cveClient/1.0.15\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.\"}], \"providerMetadata\": {\"orgId\": \"da451dce-859b-4e51-8b87-9c8b60d19b32\", \"shortName\": \"hikvision\", \"dateUpdated\": \"2026-01-13T01:47:27.191Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-66176\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-13T17:28:04.643Z\", \"dateReserved\": \"2025-11-24T08:59:35.903Z\", \"assignerOrgId\": \"da451dce-859b-4e51-8b87-9c8b60d19b32\", \"datePublished\": \"2026-01-13T01:47:27.191Z\", \"assignerShortName\": \"hikvision\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.