• 918博天堂·(中国区)首页

    Security Notification –HTTP Buffer Overflow Vulnerability in Hikvision NVRs Devices

    Security Notification –HTTP Buffer Overflow Vulnerability in Hikvision NVRs Devices

    SN No. HSRC-201510-03

    Edit: Hikvision Security Response Center (HSRC)

    Initial Release Date:2015-11-09

    Summary

    While processing the specified HTTP requests after identity authentication (successful login with the correct username and password), buffer overflow vulnerabilities may occur for selected Hikvision NVRs. This may result in potential service interruption for users.

    This Vulnerability has been designated as Common Vulnerabilities and Exposures (CVE).

    ID No: CVE-2015-4407, CVE-2015-4408 and CVE-2015-4409.

    Impact

    By exploiting these three vulnerabilities, after successfully login to the NVRs with the correct username and password, attackers could be able to plant malicious HTTP scripts to create service interruption.

    Precondition

    NVR devices can be connected after login with correct username and password.

    Attack Step

    Attackers may send malicious HTTP scripts to selected NVR devices.

    Software Versions and Fixes

    Product Name

    Affected Versions

    Resolved Versions

    DS-76xxNI-E1/2 Series

    DS-77xxxNI-E4 Series

    v3.3.4 and earlier

    v3.4.0 and later

     

    Obtaining Fixed Firmware

    Users should download the updated firmware to guard against these potential vulnerabilities. It is available on the Hikvision official website:(Click Here).

    Contact Us

    For security problems about Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hrbaojie.com. 

    Contact Us
    back to top

    Get a better browsing experience

    You are using a web browser we don』t support. Please try one of the following options to have a better experience of our web content.

    • browser-chorme
    • browser-edge
    • browser-safari
    • browser-firefox