Skip to main content

Hikvision

32 CVEs vendor

Monthly

CVE-2026-3828 HIGH This Week

Authenticated remote command execution in discontinued Hikvision DS-3E series switches (DS-3E1310P-SI, DS-3E1318P-SI, DS-3E1326P-SI) allows high-privilege users to execute arbitrary operating system commands by sending specially crafted network packets with malicious payloads due to insufficient input validation. The vulnerability carries a CVSS score of 7.2 with network attack vector and low complexity, though exploitation requires high-privilege credentials. Products were discontinued in December 2023, suggesting limited patch support and potential long-term exposure for deployed devices.

Hikvision Command Injection
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-0709 HIGH This Week

Authenticated command injection in Hikvision Wireless Access Points allows credential-holding attackers to execute arbitrary commands through insufficient input validation on network packets. The vulnerability affects all users of vulnerable Hikvision WAP models with valid account access and currently lacks available patches. With a CVSS score of 7.2, this poses a significant risk for environments where administrative credentials may be compromised or shared.

Hikvision
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-66177 HIGH This Week

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]

Hikvision Stack Overflow Buffer Overflow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-66176 HIGH This Week

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]

Hikvision Stack Overflow Buffer Overflow Ds K5671 Firmware Ds K1t6qt F43 Firmware +26
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-34067 CRITICAL Act Now

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Deserialization RCE Java Hikvision
NVD GitHub
CVSS 4.0
10.0
EPSS
2.7%
CVE-2025-34058 HIGH This Week

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files.

PHP Authentication Bypass Path Traversal Hikvision
NVD
CVSS 4.0
8.7
EPSS
1.2%
CVE-2025-45851 HIGH This Week

An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue.

Denial Of Service Hikvision
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-39240 HIGH This Week

CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit.

Command Injection Hikvision RCE Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-29949 HIGH This Week

There is a command injection vulnerability in some Hikvision NVRs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hikvision Command Injection
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2024-29948 LOW Monitor

There is an out-of-bounds read vulnerability in some Hikvision NVRs. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Hikvision Information Disclosure
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2024-29947 LOW Monitor

There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Hikvision Denial Of Service
NVD
CVSS 3.1
2.7
EPSS
0.4%
CVE-2023-6895 CRITICAL POC THREAT Act Now

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Hikvision Command Injection Intercom Broadcast System
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
89.1%
CVE-2023-6894 MEDIUM POC This Month

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hikvision Intercom Broadcast System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-6893 HIGH POC THREAT This Week

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hikvision PHP Intercom Broadcast System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
70.2%
CVE-2023-28811 MEDIUM PATCH This Month

There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Hikvision Nvr 216Mh C D Firmware Nvr 216Mh C 16P D Firmware Nvr 208Mh C 8P D Firmware +37
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28808 CRITICAL Act Now

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision Authentication Bypass Ds A71024 Firmware Ds A71048 Firmware Ds A71072R Firmware +7
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-28173 CRITICAL PATCH Act Now

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hikvision Authentication Bypass Ds 3Wf0Ac 2Nt Firmware Ds 3Wf01C 2N O Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2022-28172 MEDIUM This Month

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision XSS Ds A71024 Firmware Ds A71048 Firmware Ds A71072R Firmware +8
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-28171 CRITICAL POC THREAT Act Now

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hikvision Command Injection Ds A71024 Firmware Ds A71048 Firmware Ds A71072R Firmware +8
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
49.9%
CVE-2021-36260 CRITICAL POC KEV THREAT Emergency

A command injection vulnerability in the web server of some Hikvision product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hikvision Command Injection Ds 2Cd2026G2 Iu Sl Firmware Ds 2Cd2046G2 Iu Sl Firmware Ds 2Cd2066G2 I U Firmware +252
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.9%
CVE-2020-7057 MEDIUM POC This Month

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hikvision Information Disclosure Ds 7204Hghi F1 Firmware
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2018-6414 CRITICAL Act Now

A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision RCE Buffer Overflow Ip Cameras
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-6413 HIGH This Week

There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision Denial Of Service Buffer Overflow Ds 2Cd9111 S Firmware
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-14953 MEDIUM This Month

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hikvision Ds 2Cd2432F Iw Firmware
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2017-13774 HIGH This Week

Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Hikvision Information Disclosure Ivms 4200
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-7923 HIGH PATCH This Week

A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Hikvision Ds 2Cd2032 I Firmware Ds 2Cd2112 I Firmware Ds 2Cd2132 I Firmware +55
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-7921 CRITICAL POC KEV PATCH THREAT Act Now

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass Hikvision
NVD
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2015-4409 MEDIUM PATCH This Month

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Hikvision Ds 76Xxx Series Firmware Ds 77Xxx Series Firmware
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2015-4408 MEDIUM PATCH This Month

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Hikvision Ds 76Xxx Series Firmware Ds 77Xxx Series Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2015-4407 MEDIUM PATCH This Month

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Hikvision Ds 76Xxx Series Firmware Ds 77Xxx Series Firmware
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2014-4880 HIGH POC THREAT Act Now

Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.6%.

Hikvision RCE Buffer Overflow Dvr Ds 7204 Firmware
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
78.6%
Threat
5.4
CVE-2013-4977 CRITICAL POC THREAT Emergency

Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Buffer Overflow Hikvision Denial Of Service RCE Ds 2Cd7153 E Firmware +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
50.2%
Threat
5.0
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated remote command execution in discontinued Hikvision DS-3E series switches (DS-3E1310P-SI, DS-3E1318P-SI, DS-3E1326P-SI) allows high-privilege users to execute arbitrary operating system commands by sending specially crafted network packets with malicious payloads due to insufficient input validation. The vulnerability carries a CVSS score of 7.2 with network attack vector and low complexity, though exploitation requires high-privilege credentials. Products were discontinued in December 2023, suggesting limited patch support and potential long-term exposure for deployed devices.

Hikvision Command Injection
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

Authenticated command injection in Hikvision Wireless Access Points allows credential-holding attackers to execute arbitrary commands through insufficient input validation on network packets. The vulnerability affects all users of vulnerable Hikvision WAP models with valid account access and currently lacks available patches. With a CVSS score of 7.2, this poses a significant risk for environments where administrative credentials may be compromised or shared.

Hikvision
NVD
EPSS 0% CVSS 8.8
HIGH This Week

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]

Hikvision Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device. [CVSS 8.8 HIGH]

Hikvision Stack Overflow Buffer Overflow +28
NVD VulDB
EPSS 3% CVSS 10.0
CRITICAL Act Now

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Deserialization RCE Java +1
NVD GitHub
EPSS 1% CVSS 8.7
HIGH This Week

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files.

PHP Authentication Bypass Path Traversal +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue.

Denial Of Service Hikvision
NVD
EPSS 0% CVSS 7.2
HIGH This Week

CVE-2025-39240 is an authenticated remote command execution vulnerability in Hikvision Wireless Access Points caused by insufficient input validation in packet handling. Attackers with valid credentials can send crafted packets to execute arbitrary commands on affected devices, potentially achieving full system compromise. The vulnerability has a CVSS 7.2 score reflecting high confidentiality, integrity, and availability impact, though it requires valid authentication credentials to exploit.

Command Injection Hikvision RCE +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

There is a command injection vulnerability in some Hikvision NVRs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hikvision Command Injection
NVD
EPSS 0% CVSS 3.8
LOW Monitor

There is an out-of-bounds read vulnerability in some Hikvision NVRs. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Hikvision Information Disclosure
NVD
EPSS 0% CVSS 2.7
LOW Monitor

There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Hikvision Denial Of Service
NVD
EPSS 89% CVSS 9.8
CRITICAL POC THREAT Act Now

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Hikvision Command Injection +1
NVD VulDB GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hikvision Intercom Broadcast System
NVD GitHub VulDB
EPSS 70% CVSS 7.5
HIGH POC THREAT This Week

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hikvision PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Hikvision Nvr 216Mh C D Firmware +39
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision Authentication Bypass Ds A71024 Firmware +9
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hikvision Authentication Bypass Ds 3Wf0Ac 2Nt Firmware +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision XSS Ds A71024 Firmware +10
NVD
EPSS 50% CVSS 9.8
CRITICAL POC THREAT Act Now

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hikvision Command Injection Ds A71024 Firmware +10
NVD Exploit-DB
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A command injection vulnerability in the web server of some Hikvision product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hikvision Command Injection Ds 2Cd2026G2 Iu Sl Firmware +254
NVD Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hikvision Information Disclosure Ds 7204Hghi F1 Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hikvision Ds 2Cd2432F Iw Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Hikvision Information Disclosure Ivms 4200
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Hikvision Ds 2Cd2032 I Firmware +57
NVD
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass Hikvision
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Hikvision +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Hikvision +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Hikvision +2
NVD
EPSS 79% 5.4 CVSS 7.5
HIGH POC THREAT Act Now

Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.6%.

Hikvision RCE Buffer Overflow +1
NVD Exploit-DB
EPSS 50% 5.0 CVSS 10.0
CRITICAL POC THREAT Emergency

Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%.

Buffer Overflow Hikvision Denial Of Service +3
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy