918博天堂·(中国区)首页

Commercial Display

Global

Global - English

Asia

Europe

Oceania

ANZ - English

Latin America

North America

Canada - English
Canada - Français
United States - English

Middle East and Africa

SN No. HSRC-202311-03

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2023-11-23

Summary

Some Hikvision products have been affected by an authentication bypass vulnerability in the Hik-Connect Module, which could allow remote attackers to consume services by sending crafted messages to the affected devices.

CVE ID

CVE-2023-48121

Scoring

CVSS v3.1 is adopted in this vulnerability scoring.

(http://www.first.org/cvss/specification-document)

Base score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

Affected Versions

Nr	Product Name	Affected Versions
1	DS-2CV1xxx	build date before 231108
2	DS-2CV2xxx	build date before 231108
3	DS-2CD1xxx	build date before 230614
4	DS-2CD2xx1 DS-2CD2xx3 DS-2CD2xx6 DS-2CD2xx7	build date before 230630
5	DS-2CD2xx2 DS-2CD2xx0	build date before 231110
6	DS-2CD2xxx-W	build date before 230831
7	DS-2CD3xxx	build date before 210429
8	HWI-xxxx	build date before 231108
9	IPC-xxx	build date before 230614
10	DS-2DE4xxx	build date before 230519
11	DS-2DE2Axx	build date before 230612
12	iDS-EXXHUH DS-EXXHGH iDS-EXXHQH DVR-EXXHUH	build date before 230825
13	iDS-72XXHQH-M(C) iDS-72XXHUH-M(C) iDS-72XXHQH-M(E) iDS-72XXHUH-M(E) iDS-72XXHTH-M(C) HW-HWD-72XXMH-G4 HW-HWD-62XXMH-G4 HL-DVR-216Q-K2(E）	build date before 230823
14	DS-71XXHGH-M(C) DS-72XXHGH-M(C) DS-71XXHGH-K(S) DS-72XXHGH-K(S) HL-DVR-1XXG-K(S) HL-DVR-2XXG-K(S) HL-DVR-1XXG-M(C) HL-DVR-2XXG-M(C) HW-HWD-51XXH(S) HW-HWD-51XXH-G HW-HWD-51XXMH-G iDS-71xxHQH-M(C) iDS-71xxHQH-M(E) iDS-72xxHQH-M/E(C) iDS-72xxHQH-M/E(E) HL-DVR-2XXQ-M(C) HL-DVR-2XXQ-M(E) HW-HWD-61XXMH-G4 HW-HWD-61XXMH-G4(E) iDS-71xxHUH-M(C) iDS-72xxHUH-M/E(C) iDS-71xxHUH-M(E) iDS-72xxHUH-M/E(E) HL-DVR-2XXU-M(C) HL-DVR-2XXU-M(E) HW-HWD-71XXMH-G4 HW-HWD-71XXMH-G4(E)	build date before 230913
15	DS-76xxNI-Q1(/xP)(D) DS-76xxNI-Q2(/xP)(D) DS-77xxNI-Q4(/xP)(D) DS-76xxNXI-K1(/xP)(B) NVR-2xx(M)H(-xP)-C(D) NVR-1xx(M)H(-xP)-C(D) HW-HWN-42xx(M)H(-xP)(D) HW-HWN-41xx(M)H(-xP)(D)	build date before 230620
16	DS-71xxNI-Q1(/xP)(/M)(D) DS-76xxNI-Q1(C) DS-76xxNI-Q2(C) DS-76xxNI-K1(C) HL-NVR-1xx(M)H-D(D) HW-HWN-21xx(M)H(-xP)(D) HW-HWN-41xxMH(C) HW-HWN-42xxMH(C) HL-NVR-1xxMH-C(C) HL-NVR-2xxMH-C(C)	build date before 230707
17	DS-76xxNI-K2 DS-77xxNI-K4	build date before 230712
18	HL-NVR-EXXMH-D/4P(SSD 1T) HL-NVR-EXXMH-D/4P(SSD 2T) DS-EXXNI-Q1(SSD 1T) DS-EXXNI-Q1(SSD 2T)	build date before 230925

Precondition

The attacker has network access to the device.

Attack Step

Send a specially crafted malicious message.

Obtaining Fixed Version

Users can download the patch on the Hikvision official website.

Source of Vulnerability Information

The vulnerability was reported to EZVIZ Security Team by Joern (@joerngermany).

Kontakt

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hrbaojie.com.

Hikvision would like to thank all security researchers for your attention to our products.

This Security Notice is released and updated based on Hikvision's current investigation results and is subject to changes.

2023-11-23 V1.0 INITIAL

2023-11-29 V1.1 UPDATED: Updated Affected Versions

2023-12-04 V1.2 UPDATED: Updated Affected Versions

Skontaktuj się z nami

Zapytania Handlowe

Zapytania Techniczne

Wsparcie online

Website Feedback

Website Feedback

Skontaktuj się z nami

Hik-Partner Pro close

Hik-Partner Pro

Security Business Assistant. At Your Fingertips. Learn more

Hik-Partner Pro

Scan and download the app

Download

Hik-Partner Pro

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.