32
CVEs
9
Critical
13
High
2
KEV
9
PoC
19
Unpatched C/H
21.9%
Patch Rate
17.2%
Avg EPSS
Severity Breakdown
CRITICAL
9
HIGH
13
MEDIUM
8
LOW
2
Monthly CVE Trend
Affected Products (30)
Ds 76Xxx Series Firmware
3
Intercom Broadcast System
3
Ds A72024 Firmware
3
Ds A71024 Firmware
3
Ds A82024D Firmware
3
Ds A81016S Firmware
3
Ds A72072R Firmware
3
Ds A80316S Firmware
3
PHP
3
Ds A71048R Cvs Firmware
3
Ds A80624S Firmware
3
Ds A71048 Firmware
3
Ds 77Xxx Series Firmware
3
Ds A71072R Firmware
3
Ds A72048R Cvs Firmware
2
Ds 2Cd3686G2 Izs Firmware
1
Ds 2Xe6242F Is 316L B Firmware
1
Ds K1t670 Firmware
1
Ds K1t804a Firmware
1
Ids 2Sk8144Ixs D J Firmware
1
Ids 2Sk718Mxs D Firmware
1
Ds 2Cd3323G2 Iu Firmware
1
Ds 2Cd2163G2 Iu Firmware
1
Dvr Ds 7204 Firmware
1
Ds 2Td4136T 9 Firmware
1
Ds K5671 Firmware
1
Ds 2Cd3526G2 Is Firmware
1
Ds 2Cd2332 I Firmware
1
Ds K1t8003 Firmware
1
Ds 2Cd2623G2 Izs Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2017-7921 | An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 94.2% | 213 |
KEV
PoC
|
| CVE-2014-4880 | Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.6%. | HIGH | 7.5 | 78.6% | 151 |
PoC
No patch
|
| CVE-2013-4977 | Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.2%. | CRITICAL | 10.0 | 50.2% | 120 |
PoC
No patch
|
| CVE-2021-36260 | A command injection vulnerability in the web server of some Hikvision product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 99.9% | 84 |
KEV
PoC
No patch
|
| CVE-2022-28171 | The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 49.9% | 69 |
PoC
No patch
|
| CVE-2023-6895 | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 89.1% | 69 |
PoC
No patch
|
| CVE-2023-6893 | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 70.2% | 58 |
PoC
No patch
|
| CVE-2025-34067 | An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC. | CRITICAL | 10.0 | 2.7% | 53 |
No patch
|
| CVE-2023-6894 | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.5 | 1.0% | 52 |
PoC
No patch
|
| CVE-2018-6414 | A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 2.3% | 49 |
No patch
|
| CVE-2022-28173 | The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. | CRITICAL | 9.8 | 0.6% | 49 |
|
| CVE-2023-28808 | Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.8% | 49 |
No patch
|
| CVE-2020-7057 | Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 5.3 | 1.1% | 46 |
PoC
No patch
|
| CVE-2025-34058 | Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files. | HIGH | 8.7 | 1.2% | 45 |
No patch
|
| CVE-2017-7923 | A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. | HIGH | 8.8 | 0.6% | 45 |
|