
      Security Notification – Buffer Overflow Vulnerability in Hikvision DVR Devices

      SN No.: HSRC-201411-02

      Initial Release Date: 2014-11-28

      Update Release Date: 2014-12-06

      Summary

      While processing specified RTSP requests, buffer overflow vulnerabilities may occur on select Hikvision DVRs, which may result in service interruption for users.

      These issues have been assigned Common Vulnerabilities and Exposures (CVE) ID:

      CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880.

      Software Versions and Fixes

      | Product Name | Affected Version | Resolved Version |
      | --- | --- | --- |
      | DS-7100HWI-SL(SH), DS-7100HVI-SL(SH) | V2.2.15_build 141025 and earlier versions | V2.2.15_build 141126 and later |
      | DS-7200HWI-SH(SL), DS-7200HFI-SH, DS-7200HVI-SV | V3.1.3_build 141103 and earlier versions | V3.1.3_build 141126 and later |
      | DS-7200HWI-E1(/C), DS-7200HWI-E2(/C), DS-7300HWI-E4(/C) | V3.1.3_build 141103 and earlier versions | V3.1.3_build 141126 and later |
      | DS-7300HWI(HFI)-SH | V3.1.3_build 141103 and earlier versions | V3.1.3_build 141126 and later |
      | DS-7600NI-SE(/N)(/P), DS-7600NI-V(VP) | V3.0.9_build 140928 and earlier versions | V3.0.10_build 141125 and later |
      | DS-7600NI-E1(/N)(/P), DS-7600NI-E2(/N)(/P), DS-7700NI-E4(/N)(/P) | V3.0.8_build 140825 and earlier versions | V3.0.10_build 141126 and later |
      | DS-80/81/90/91xxHFI-ST, DS-80/81/90/91/92xxHWI-ST, DS-90/91xxHFI-RT, DS-90/91xxHFI-XT, DS-76/77/86/96xxNI-ST, DS-96xxNI-RT, DS-96xxNI-XT, DS-76/77xxNI-SP, DS-7200HWI-SV | V3.1.6_build 140928 and earlier versions | V3.1.7_build 141201 and later |
      | DS-7100HGHI-SH, DS-7100HQHI-SH, DS-7200HGHI-SH, DS-7200HQHI-SH, DS-7300HGHI-SH, DS-7300HQHI-SH, DS-8100HGHI-SH, DS-8100HQHI-SH | V3.1.0_build 141121 and earlier versions | V3.1.1_build 141128 and later |
      | DS-7200HWI-Ex/C/F | V3.1.2_build 140925 | V3.1.2_build 141206 and later |
      | DS-7200HVI-SH, DS-7204HWI-SV | V2.2.4_build 130625 and earlier versions | V2.2.4_build 141206 and later |
      | DS-7300HFI-ST, DS-7300HI-ST, DS-8100HDI-ST | V2.1.2_build 130830 and earlier versions | V2.1.2_build 141206 and later |
      | DS-6700HWI(-SATA), DS-6700HFI(-SATA) | V1.2.1 build140913 and earlier versions | V1.2.3 build 141203 and later |
      | DS-7100NI-SN(/N)(/P) | V3.0.7_build 140725 and earlier versions | V3.0.10_build 141128 and later |
      | DS-7600NI-SN(/N)(/P) | V3.0.5_build 140508 | V3.0.10_build 141127 and later |
      | DS-8100HCI(HFSI)(HWSI)-SH | V3.1.3_build 141103 and earlier versions | V3.1.3_build 141126 and later |
      | DS-7100NI-SL | V2.3.4_build 131024 and earlier versions | V3.0.10_build141224 and later |
      | DS-7104NI-SL/W | V2.3.7_build140523 and earlier versions | V2.3.8_build141224 and later |
      | DS-7600HI-ST | V2.3.7_build 140904 and earlier versions | V3.0.11_150319 and later |
      | DS-7200HFHI-SL(ST)(SE), DS-7300HFHI-SL(ST), DS-8100HFHI-SL(ST) | V3.0.0_build140425 and earlier versions | V3.0.0_build141202 and later |
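
      One way to check a device inventory against the version table above, added here as an example and not part of the advisory or any Hikvision tool. It assumes inventory entries use the advisory's product-name strings and that firmware is ordered by (version, build date); only four table rows are included, and the hostnames and inventory values are constructed.

```python
import re

# Subset of the advisory table: product name -> (last affected, first resolved).
ADVISORY = {
    "DS-7100HWI-SL(SH)": ("V2.2.15_build 141025", "V2.2.15_build 141126"),
    "DS-6700HWI(-SATA)": ("V1.2.1 build140913", "V1.2.3 build 141203"),
    "DS-7600HI-ST": ("V2.3.7_build 140904", "V3.0.11_150319"),
    "DS-7100NI-SL": ("V2.3.4_build 131024", "V3.0.10_build141224"),
}

# Tolerates the table's spellings: "_build 141025", " build140913", "_150319".
_FW = re.compile(r"V(\d+)\.(\d+)\.(\d+)[ _]*(?:build)?[ _]*(\d{6})\b", re.I)

def parse_firmware(text):
    """Return (major, minor, patch, build_yymmdd) as ints."""
    m = _FW.search(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(g) for g in m.groups())

def classify(product, firmware):
    """Return 'fixed', 'affected', 'indeterminate' or 'unlisted'."""
    if product not in ADVISORY:
        return "unlisted"
    last_affected, first_resolved = map(parse_firmware, ADVISORY[product])
    have = parse_firmware(firmware)
    if have >= first_resolved:
        return "fixed"
    if have <= last_affected:
        return "affected"
    return "indeterminate"  # between the bounds: the table makes no statement

def needs_attention(inventory):
    """Return (host, status) for listed devices not confirmed fixed."""
    checked = [(host, classify(product, fw)) for host, product, fw in inventory]
    return [(h, s) for h, s in checked if s in ("affected", "indeterminate")]

# Constructed inventory (hostnames and firmware strings are made up).
INVENTORY = [
    ("dvr-lobby", "DS-7100HWI-SL(SH)", "V2.2.15 build 141025"),
    ("dvr-dock", "DS-7100HWI-SL(SH)", "V2.2.15 build 141126"),
    ("nvr-lab", "DS-7100NI-SL", "V2.3.5 build 140301"),
    ("dvr-gate", "DS-7600HI-ST", "V3.0.11_150319"),
]

if __name__ == "__main__":
    print(needs_attention(INVENTORY))
```

      Devices reported as indeterminate run firmware between the last affected and first resolved releases and should be reviewed manually.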

       

      Impact

      By exploiting these three vulnerabilities, attackers are able to plant scripts into the file system to create service interruptions.

      Technical Details

      Precondition

      DVR devices need to be connected to a network with external access.

      Attack Step

      Attacker sends malicious scripts to DVR devices.

      Obtaining Fixed Software

      Users may download updated firmware from the Hikvision official website.

      Contact Method

      For security problems with Hikvision products and solutions, please contact: hsrc@hrbaojie.com.
