Security Notification: Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras
SN No. HSRC-201703-04
Edit: Hikvision Security Response Center (HSRC)
Initial Release Date: 2017-03-10
Update Release Date: 2017-03-12
Summary
When processing a specific request code, a user privilege-escalation vulnerability may occur in select Hikvision IP cameras running particular firmware versions.
CVE ID
CVE-2017-7921; CVE-2017-7923
Impact
By exploiting this vulnerability, attackers could obtain unauthorized, escalated user privileges and use them to acquire or tamper with device information.
Affected Software Versions and Fixes
Product Name | Affected Versions | Resolved Versions | Where to update firmware |
DS-2CD2xx2F-I Series | V5.2.0 build 140721 to V5.4.0 build 160530 | V5.4.41 build 170310 and later | Download link |
DS-2CD2xx0 Series | V5.2.0 build 140721 to V5.4.4 build 161107 | V5.4.41 build 170309 and later | Download link |
DS-2CD4x2xFWD Series | V5.2.0 build 140721 to V5.4.0 build 160414 | V5.4.41 build 170310 and later | Download link |
DS-2CD4xx5 Series | V5.2.0 build 140721 to V5.4.0 build 160421 | V5.4.41 build 170309 and later | Download link |
DS-2CD2xx2FWD Series | V5.3.1 build 150410 to V5.4.4 build 161125 | V5.4.41 build 170309 and later | Download link |
DS-2DEx Series | V5.2.0 build 140807 to V5.3.9 build 150910 | V5.4.71 build 170309 and later | Download link |
DS-2DFx Series | V5.2.0 build 140805 to V5.4.5 build 160928 | V5.4.71 build 170309 and later | Download link |
Solution
Update devices with the correct firmware.
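To find which devices need the update, the table above can be turned into an inventory check. The following is an added example, not a Hikvision tool. It assumes each inventory entry is already labelled with one of the advisory's series names and that firmware is ordered by version number and then build date; the function names and sample inventory are hypothetical.

```python
import re

# Ranges copied from the advisory table: (first affected, last affected, first resolved)
ADVISORY = {
    "DS-2CD2xx2F-I": ("V5.2.0 build 140721", "V5.4.0 build 160530", "V5.4.41 build 170310"),
    "DS-2CD2xx0":    ("V5.2.0 build 140721", "V5.4.4 build 161107", "V5.4.41 build 170309"),
    "DS-2CD4x2xFWD": ("V5.2.0 build 140721", "V5.4.0 build 160414", "V5.4.41 build 170310"),
    "DS-2CD4xx5":    ("V5.2.0 build 140721", "V5.4.0 build 160421", "V5.4.41 build 170309"),
    "DS-2CD2xx2FWD": ("V5.3.1 build 150410", "V5.4.4 build 161125", "V5.4.41 build 170309"),
    "DS-2DEx":       ("V5.2.0 build 140807", "V5.3.9 build 150910", "V5.4.71 build 170309"),
    "DS-2DFx":       ("V5.2.0 build 140805", "V5.4.5 build 160928", "V5.4.71 build 170309"),
}

_FW = re.compile(r"V(\d+)\.(\d+)\.(\d+)\s+build\s+(\d{6})", re.IGNORECASE)

def parse_fw(text):
    """Turn 'V5.4.0 build 160530' into the sortable tuple (5, 4, 0, 160530)."""
    m = _FW.search(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(g) for g in m.groups())

def classify(series, firmware):
    """Return 'affected', 'resolved', 'version-not-listed' or 'series-not-listed'."""
    if series not in ADVISORY:
        return "series-not-listed"
    first, last, fixed = (parse_fw(v) for v in ADVISORY[series])
    fw = parse_fw(firmware)
    if first <= fw <= last:
        return "affected"
    if fw >= fixed:
        return "resolved"
    # Older than the affected range, or between it and the resolved build:
    # the advisory makes no statement, so flag for manual review.
    return "version-not-listed"

def triage(inventory):
    return [(name, series, fw, classify(series, fw)) for name, series, fw in inventory]

# Constructed sample inventory (not real devices)
SAMPLE = [
    ("cam-lobby", "DS-2CD2xx2F-I", "V5.3.0 build 150513"),
    ("cam-dock",  "DS-2DEx",       "V5.4.0 build 160101"),
    ("cam-gate",  "DS-2CD4xx5",    "V5.4.41 build 170309"),
]

if __name__ == "__main__":
    for name, series, fw, status in triage(SAMPLE):
        print(f"{name:10} {series:14} {fw:22} {status}")
```

Devices reported as version-not-listed fall outside both ranges in the table and should be checked against the vendor's current guidance rather than assumed safe.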
Contact Us
Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hrbaojie.com.