Skip to main content

Hikvision CVE-2017-7921

CRITICAL
Improper Authentication (CWE-287)
2017-05-06 ics-cert@hq.dhs.gov
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Apr 21, 2026 - 15:31 CISA
CVE Published
May 06, 2017 - 00:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

AnalysisAI

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. Affected products include: Hikvision Ds-2Cd2032-I Firmware, Hikvision Ds-2Cd2112-I Firmware, Hikvision Ds-2Cd2132-I Firmware, Hikvision Ds-2Cd2212-I5 Firmware, Hikvision Ds-2Cd2232-I5 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2014-4880 HIGH POC
7.5 Dec 08

Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote atta

CVE-2013-4977 CRITICAL POC
10.0 Mar 03

Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), a

CVE-2021-36260 CRITICAL POC
9.8 Sep 22

A command injection vulnerability in the web server of some Hikvision product. Rated critical severity (CVSS 9.8), this

CVE-2023-6895 CRITICAL POC
9.8 Dec 17

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated critical severity

CVE-2022-28171 CRITICAL POC
9.8 Jun 27

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated cr

CVE-2023-6893 HIGH POC
7.5 Dec 17

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as proble

CVE-2025-34067 CRITICAL
10.0 Jul 02

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Se

CVE-2023-6894 MEDIUM POC
6.5 Dec 17

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated medium severity (

CVE-2023-28808 CRITICAL
9.8 Apr 11

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the

CVE-2022-28173 CRITICAL
9.8 Dec 19

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obta

CVE-2018-6414 CRITICAL
9.8 Aug 13

A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially cr

CVE-2020-7057 MEDIUM POC
5.3 Jan 14

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessio

Share

CVE-2017-7921 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy