• 918博天堂·(中国区)首页

    Security Notification - Buffer Overflow Vulnerability in Some Hikvision IP Cameras

    Security Notification- Buffer Overflow Vulnerability in Some Hikvision IP Cameras

    SN No. HSRC-201808-01

    Edit: Hikvision Security Response Center (HSRC)

    Initial Release Date: 2018-08-13

    Update Date: 2018-08-23

    Summary

    A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process.  

    CVE ID

    CVE-2018-6414

    Scoring

    CVSS v3 is adopted in this vulnerability scoring(http://www.first.org/cvss/specification-document)

    Base score: 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H)

    Temporal score: 8.0 (E:P/RL:O/RC:C)

    Affected Versions and Fixes

    IPC:

    Product Name

    Affected Versions

    Resolved Versions

    Where to update firmware

    DS-2CD2xx5
    DS-2CD2xx3

    V5.5.0 build170725 to V5.5.52 build180511

    V5.5.61 build180718  and later

    Download link

    DS-2CD3xxx

    V5.5.0 build170725 to V5.5.60 build180515

    V5.5.61 build180718  and later

    Download link

    DS-2CD1X43
    DS-2CD1X53

    V5.5.2 build170920 to V5.5.52 build180523

    V5.5.53 build180716  and later

    Download link

    DS-2CD2X12FWD
    DS-2CD2X22FWD
    DS-2CD2X42FWD
    DS-2CD2X52F

     

    V5.5.0 build170725 to V5.5.52 build180427

     

    V5.5.53 build180730  and later

    Download link

    DS-2CD4x26EFWD
    DS-2CD4BxxFWD
    DS-2CD4CxxFWD
    DS-2CD4DxxFWD
    DS-2XMxxxx

    V5.5.0 build170914 to V5.5.52 build180601

    V5.5.53 build180719  and later

    Download link

    DS-2CD1x01-I

    V5.5.5 build180207 to V5.5.52 build180620

    V5.5.53 build180717  and later

    Download link

    DS-2CD1x23

    V5.5.2 build171013 to V5.5.52 build180522

    V5.5.53 build180713  and later

    Download link

    DS-2CD1x21

    V5.5.4 build180104 to V5.5.52 build180626

    V5.5.53 build180717  and later

    Download link

    HiLook:

    Product Name

    Affected Versions

    Resolved Versions

    Where to update firmware

    IPC-B100
    IPC-D100

    V5.5.5 build180207 to V5.5.52 build180620

    V5.5.53 build180717  and later

    Download link

    IPC-x120H
    IPC-T220H

    V5.5.2 build171013 to V5.5.52 build180522

    V5.5.53 build180713  and later

    Download link

    IPD*:

    Product Name

    Affected Versions

    Resolved Versions

    Where to update firmware

    DS-2DF5xxx
    DS-2DF6xxx
    DS-2DF7xxx
    DS-2DF8xxx
    DS-2DT6223

    V5.5.2 build171201 and previous versions*

    V5.5.71 build180723  and later

    Download link

    DS-2DE4xxxW
    DS-2DE5xxxW
    DS-2DE7xxxW

    V5.5.6 build180408 and previous versions*

    V5.5.71 build180725  and later

    Download link

     

    * 2018/08/23 update: The affected version of IPD doesn't include V5.4.0 and previous versions. 

     

    Obtaining fixed firmware:

    Users should download the updated firmware to guard against this potential vulnerability. It is available on the Hikvision official website.

    Source of vulnerability information

    This vulnerability is reported to HSRC by Ori Hollander of VDOO Connected Trust LTD., an Israeli security company focuses on IoT security.

    Contact Us

    Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hrbaojie.com.

    Contact Us
    Hik-Partner Pro close
    Hik-Partner Pro
    Hik-Partner Pro
    Scan and download the app
    Download
    Hik-Partner Pro
    Hik-Partner Pro

    Get a better browsing experience

    You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.