Security Notification: Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras
SN No. HSRC-201703-04
Edit: Hikvision Security Response Center (HSRC)
Initial Release Date: 2017-03-10
Update Release Date: 2017-03-12
Summary
While processing a specified request code, the user privilege-escalating vulnerability may occur for select Hikvision IP cameras with particular firmware version.
CVE ID
CVE-2017-7921; CVE-2017-7923
Impact
By exploiting this vulnerability, attackers could obtain an unauthorized escalated additional user privilege to acquire or tamper with the device information.
Affected Software Versions and Fixes
Product Name |
Affected Versions |
Resolved Versions |
Where to update firmware |
DS-2CD2xx2F-I Series |
V5.2.0 build 140721 to V5.4.0 build 160530 |
V5.4.41 build 170310 and later |
Download link |
DS-2CD2xx0 Series |
V5.2.0 build 140721 to V5.4.4 build 161107 |
V5.4.41 build 170309 and later |
Download link |
DS-2CD4x2xFWD Series |
V5.2.0 build 140721 to V5.4.0 build 160414 |
V5.4.41 build 170310 and later |
Download link |
DS-2CD4xx5 Series |
V5.2.0 build 140721 to V5.4.0 build 160421 |
V5.4.41 build 170309 and later |
Download link |
DS-2CD2xx2FWD Series |
V5.3.1 build 150410 to V5.4.4 build 161125 |
V5.4.41 build 170309 and later |
Download link |
DS-2DEx Series |
V5.2.0 build 140807 to V5.3.9 build 150910 |
V5.4.71 build 170309 and later |
Download link |
DS-2DFx Series |
V5.2.0 build 140805 to V5.4.5 build 160928 |
V5.4.71 build 170309 and later |
Download link |
Solution
Update devices with the correct firmware.
Contact Us
Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hrbaojie.com.
hrbaojie.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.
You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.