Hikvision
CVE-2024-29948
LOW
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L
Primary rating from Vendor (hikvision) · only source for this CVE.
CVSS VectorVendor: hikvision
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality.
AnalysisAI
There is an out-of-bounds read vulnerability in some Hikvision NVRs. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote atta
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), a
A command injection vulnerability in the web server of some Hikvision product. Rated critical severity (CVSS 9.8), this
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated critical severity
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated cr
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as proble
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Se
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated medium severity (
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obta
A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially cr
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today