Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras

March 13, 2017 Views:10

SN No. HSRC-201703-04
Edit: Hikvision Security Response Center (HSRC)
Initial Release Date: 2017-03-10
Update Release Date: 2017-03-12

Summary

While processing a specified request code, the user privilege-escalating vulnerability may occur for select Hikvision IP cameras with particular firmware version.
This vulnerability was discovered, and until now, has not been designated as Common Vulnerabilities and Exposures (CVE).

Impact

By exploiting this vulnerability, attackers could obtain an unauthorized escalated additional user privilege to acquire or tamper with the device information.
Affected Software Versions and Fixes

Product NameAffected VersionsResolved Versions

Where to

update firmware

DS-2CD2xx2F-I

Series

V5.2.0 build 140721 to V5.4.0 Build 160530

V5.4.41 build 170310

and later

Download link

DS-2CD2xx0

Series

V5.2.0 build 140721 to V5.4.4 Build 161107

V5.4.41 build 170309

and later

Download link

DS-2CD4x2xFWD

Series

V5.2.0 build 140721 to V5.4.0 Build 160414

V5.4.41 build 170310

and later

Download link

DS-2CD4xx5

Series

V5.2.0 build 140721 to V5.4.0 Build 160421

V5.4.41 build 170309

and later

Download link

DS-2CD2xx2FWD

Series

V5.3.1 build 150410 to V5.4.4 Build 161125

V5.4.41 build 170309

and later

Download link

DS-2DEx

Series

V5.2.0 build 140807 to V5.3.9 Build 150910

V5.4.71 build 170309

and later

Download link

DS-2DFx

Series

V5.2.0 build 140805 to V5.4.5 Build 160928

V5.4.71 build 170309

and later

Download link

Solution

Update devices with the correct firmware.

Contact Us

If you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hikvision.com.