918博天堂·(中国区)首页

      Buffer Overflow Vulnerability in Hikvision NVR/DVR Devices

      Buffer Overflow Vulnerability in Hikvision NVR/DVR Devices

      SN No. HSRC-202311-01

      Edit: Hikvision Security Response Center (HSRC)

      Initial Release Date: 2023-11-17

       

      Summary

      Hikvision has released a patch to fix a buffer overflow vulnerability in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

       

      CVE ID

      CVE-2023-28811

       

      Scoring

      CVSS v3.1 was used in scoring this vulnerability.

       

      (http://www.first.org/cvss/specification-document)

       

      Base score: 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

       


      Affected Versions and Fixes

       

       

      Product Name

      Affected Versions

      Fix Download

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

       

      DVR

      iDS-EXXHUH

      DS-EXXHGH

      iDS-EXXHQH

      DVR-EXXHUH

      DVR-EXXHGH

      DVR-EXXHQH

      iDS-72XXHQH-M(C)

      iDS-72XXHUH-M(C)

      iDS-72XXHQH-M(E)

      iDS-72XXHUH-M(E)

      iDS-72XXHTH-M(C)

      HW-HWD-72XXMH-G4

      HW-HWD-62XXMH-G4

      HL-DVR-216Q-K2(E)

      DS-71XXHGH-M(C)

      DS-72XXHGH-M(C)

      DS-71XXHGH-K(S)

      DS-72XXHGH-K(S)

      HL-DVR-1XXG-K(S)

      HL-DVR-2XXG-K(S)

      HL-DVR-1XXG-M(C)

      HL-DVR-2XXG-M(C)

      HW-HWD-51XXH(S)

      HW-HWD-51XXH-G

      HW-HWD-51XXMH-G

      iDS-71xxHQH-M(C)

      iDS-71xxHQH-M(E)

      iDS-72xxHQH-M/E(C)

      iDS-72xxHQH-M/E(E)

      HL-DVR-2XXQ-M(C)

      HL-DVR-2XXQ-M(E)

      HW-HWD-61XXMH-G4

      HW-HWD-61XXMH-G4(E)

      iDS-71xxHUH-M(C)

      iDS-72xxHUH-M/E(C)

      iDS-71xxHUH-M(E)

      iDS-72xxHUH-M/E(E)

      HL-DVR-2XXU-M(C)

      HL-DVR-2XXU-M(E)

      HW-HWD-71XXMH-G4

      HW-HWD-71XXMH-G4(E)

      Build date before 230821(Version  before  V4.1.60  are not affected) 

      Version build date after 230821

       

       

       

       

       

       

       

       

       

       

       

       

       

      NVR

      NVR-2xxMH-C(D)

      NVR-1xxMH-C(D)

      HW-HWN-42xxMH(D)

      HW-HWN-41xxMH(D)

      DS-71xxNI-Q1(C)

      DS-71xxNI-Q1(D)

      HL-NVR-1xxMH-D(C)

      HL-NVR-1xxMH-D(D)

      HW-HWN-21xxMH(C)

      HW-HWN-21xxMH(D)

      DS-76xxNI-Q1(C)

      DS-76xxNI-Q2(C)

      DS-76xxNI-K1(C)

      HW-HWN-41xxMH(C)

      HW-HWN-42xxMH(C)

      HL-NVR-1xxMH-C(C)

      HL-NVR-2xxMH-C(C)

      DS-77xxNI-I4(B)

      Build date before 230821(Version  before  V4.1.60  are not affected) 

      Version build date after 230821

       

      Obtaining Fixed Versions

      Users can download patches/updates on the Hikvision official website or contact support@hrbaojie.com.

       

      Source of Vulnerability Information:

      The vulnerability was reported to HSRC by Sergio Ruiz of the IOActive team.

       

      Contact Us:

      To report any security issues or vulnerabilities in Hikvision products and solutions, please contact the Hikvision Security Response Center at hsrc@hrbaojie.com.

      Hikvision would like to thank all security researchers for your attention to our products.

       

      2023-11-17 V1.0 INITIAL

      2023-11-29 V1.1 UPDATED: Updated Affected Versions

      Contact Us
      Hik-Partner Pro close
      Hik-Partner Pro
      Hik-Partner Pro
      Scan and download the app
      Download
      Hik-Partner Pro
      Hik-Partner Pro

      Get a better browsing experience

      You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.