• 918博天堂·(中国区)首页

    Security Notification: Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras

    Security Notification: Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras

    SN No. HSRC-201703-04

    Edit: Hikvision Security Response Center (HSRC)

    Initial Release Date: 2017-03-10

    Update Release Date: 2017-03-12

    Summary

    While processing a specified request code, the user privilege-escalating vulnerability may occur for select Hikvision IP cameras with particular firmware version.  

    CVE ID

    CVE-2017-7921; CVE-2017-7923

    Impact

    By exploiting this vulnerability, attackers could obtain an unauthorized escalated additional user privilege to acquire or tamper with the device information.

    Affected Software Versions and Fixes

    Product Name

    Affected Versions

    Resolved Versions

    Where to update firmware

    DS-2CD2xx2F-I Series

    V5.2.0 build 140721 to V5.4.0 build 160530

    V5.4.41 build 170310 and later

    Download link

    DS-2CD2xx0 Series

    V5.2.0 build 140721 to V5.4.4 build 161107

    V5.4.41 build 170309 and later

    Download link

    DS-2CD4x2xFWD Series

    V5.2.0 build 140721 to V5.4.0 build 160414

    V5.4.41 build 170310 and later

    Download link

    DS-2CD4xx5 Series

    V5.2.0 build 140721 to V5.4.0 build 160421

    V5.4.41 build 170309 and later

    Download link

    DS-2CD2xx2FWD Series

    V5.3.1 build 150410 to V5.4.4 build 161125

    V5.4.41 build 170309 and later

    Download link

    DS-2DEx Series

    V5.2.0 build 140807 to V5.3.9 build 150910

    V5.4.71 build 170309 and later

    Download link

    DS-2DFx Series

    V5.2.0 build 140805 to V5.4.5 build 160928

    V5.4.71 build 170309 and later

    Download link

     

    Solution

    Update devices with the correct firmware.

    Contact Us

    Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hrbaojie.com.

    Contactez-Nous

    Get a better browsing experience

    You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.