918博天堂·(中国区)首页

Global

Global - English

Asia

Europe

Oceania

ANZ - English

Latin America

North America

Canada - English
Canada - Français
United States - English

Middle East and Africa

SN No. HSRC-202311-01

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2023-11-17

Summary

Hikvision has released a patch to fix a buffer overflow vulnerability in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

CVE ID

CVE-2023-28811

Scoring

CVSS v3.1 was used in scoring this vulnerability.

(http://www.first.org/cvss/specification-document)

Base score: 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

Affected Versions and Fixes

Product Name

Affected Versions

Fix Download

DVR

iDS-EXXHUH

DS-EXXHGH

iDS-EXXHQH

DVR-EXXHUH

DVR-EXXHGH

DVR-EXXHQH

iDS-72XXHQH-M(C)

iDS-72XXHUH-M(C)

iDS-72XXHQH-M(E)

iDS-72XXHUH-M(E)

iDS-72XXHTH-M(C)

HW-HWD-72XXMH-G4

HW-HWD-62XXMH-G4

HL-DVR-216Q-K2(E）

DS-71XXHGH-M(C)

DS-72XXHGH-M(C)

DS-71XXHGH-K(S)

DS-72XXHGH-K(S)

HL-DVR-1XXG-K(S)

HL-DVR-2XXG-K(S)

HL-DVR-1XXG-M(C)

HL-DVR-2XXG-M(C)

HW-HWD-51XXH(S)

HW-HWD-51XXH-G

HW-HWD-51XXMH-G

iDS-71xxHQH-M(C)

iDS-71xxHQH-M(E)

iDS-72xxHQH-M/E(C)

iDS-72xxHQH-M/E(E)

HL-DVR-2XXQ-M(C)

HL-DVR-2XXQ-M(E)

HW-HWD-61XXMH-G4

HW-HWD-61XXMH-G4(E)

iDS-71xxHUH-M(C)

iDS-72xxHUH-M/E(C)

iDS-71xxHUH-M(E)

iDS-72xxHUH-M/E(E)

HL-DVR-2XXU-M(C)

HL-DVR-2XXU-M(E)

HW-HWD-71XXMH-G4

HW-HWD-71XXMH-G4(E)

Build date before 230821(Version before V4.1.60 are not affected)

Version build date after 230821

NVR

NVR-2xxMH-C(D)

NVR-1xxMH-C(D)

HW-HWN-42xxMH(D)

HW-HWN-41xxMH(D)

DS-71xxNI-Q1(C)

DS-71xxNI-Q1(D)

HL-NVR-1xxMH-D(C)

HL-NVR-1xxMH-D(D)

HW-HWN-21xxMH(C)

HW-HWN-21xxMH(D)

DS-76xxNI-Q1(C)

DS-76xxNI-Q2(C)

DS-76xxNI-K1(C)

HW-HWN-41xxMH(C)

HW-HWN-42xxMH(C)

HL-NVR-1xxMH-C(C)

HL-NVR-2xxMH-C(C)

DS-77xxNI-I4(B)

Build date before 230821(Version before V4.1.60 are not affected)

Version build date after 230821

Obtaining Fixed Versions

Users can download patches/updates on the Hikvision official website or contact support@hrbaojie.com.

Source of Vulnerability Information:

The vulnerability was reported to HSRC by Sergio Ruiz of the IOActive team.

Contact Us:

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact the Hikvision Security Response Center at hsrc@hrbaojie.com.

Hikvision would like to thank all security researchers for your attention to our products.

2023-11-17 V1.0 INITIAL

2023-11-29 V1.1 UPDATED: Updated Affected Versions

Technical Support

Online Service (French)

Online Service (English)

Subscribe Newsletter

Contact Us

Hik-Partner Pro close

Hik-Partner Pro

Security Business Assistant. At Your Fingertips. Learn more

Hik-Partner Pro

Scan and download the app

Download

Hik-Partner Pro

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.