The Official Sponsor of Hangzhou Asian Games
Commercial Display
Security Notification- Buffer Overflow Vulnerability in Some Hikvision IP Cameras
SN No. HSRC-201808-01
Edit: Hikvision Security Response Center (HSRC)
Initial Release Date: 2018-08-13
Update Date: 2018-08-23
Summary
A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process.
CVE ID
CVE-2018-6414
Scoring
CVSS v3 is adopted in this vulnerability scoring(http://www.first.org/cvss/specification-document)
Base score: 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H)
Temporal score: 8.0 (E:P/RL:O/RC:C)
Affected Versions and Fixes
IPC:
Product Name |
Affected Versions |
Resolved Versions |
Where to update firmware |
DS-2CD2xx5 |
V5.5.0 build170725 to V5.5.52 build180511 |
V5.5.61 build180718 and later |
|
DS-2CD3xxx |
V5.5.0 build170725 to V5.5.60 build180515 |
V5.5.61 build180718 and later |
|
DS-2CD1X43 |
V5.5.2 build170920 to V5.5.52 build180523 |
V5.5.53 build180716 and later |
|
DS-2CD2X12FWD |
V5.5.0 build170725 to V5.5.52 build180427 |
V5.5.53 build180730 and later |
|
DS-2CD4x26EFWD |
V5.5.0 build170914 to V5.5.52 build180601 |
V5.5.53 build180719 and later |
|
DS-2CD1x01-I |
V5.5.5 build180207 to V5.5.52 build180620 |
V5.5.53 build180717 and later |
|
DS-2CD1x23 |
V5.5.2 build171013 to V5.5.52 build180522 |
V5.5.53 build180713 and later |
|
DS-2CD1x21 |
V5.5.4 build180104 to V5.5.52 build180626 |
V5.5.53 build180717 and later |
HiLook:
Product Name |
Affected Versions |
Resolved Versions |
Where to update firmware |
IPC-B100 |
V5.5.5 build180207 to V5.5.52 build180620 |
V5.5.53 build180717 and later |
|
IPC-x120H |
V5.5.2 build171013 to V5.5.52 build180522 |
V5.5.53 build180713 and later |
IPD*:
Product Name |
Affected Versions |
Resolved Versions |
Where to update firmware |
DS-2DF5xxx |
V5.5.2 build171201 and previous versions* |
V5.5.71 build180723 and later |
|
DS-2DE4xxxW |
V5.5.6 build180408 and previous versions* |
V5.5.71 build180725 and later |
|
* 2018/08/23 update: The affected version of IPD doesn't include V5.4.0 and previous versions.
Obtaining fixed firmware:
Users should download the updated firmware to guard against this potential vulnerability. It is available on the Hikvision official website.
Source of vulnerability information
This vulnerability is reported to HSRC by Ori Hollander of VDOO Connected Trust LTD., an Israeli security company focuses on IoT security.
Contact Us
Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hrbaojie.com.
Ten serwis korzysta z plików cookies. Są one stosowane w celu zapamiętywania prywatnych ustawień użytkownika, oraz wygodniejszego i płynniejszego użytkowania portalu. Korzystając z serwisu wyrażasz zgodę na używanie cookies. Ustawienia te mogą być zmienione w każdej chwili w opcjach przeglądarki. Polityka Plików Cookie i Polityka Prywatności.
You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.