Security Notification:

Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras

 

SNNo. HSRC-201703-04

Edit: Hikvision Security Response Center (HSRC)

InitialRelease Date: 2017-03-10

UpdateRelease Date: 2017-03-12

 

  • Summary

While processing a specified request code, the user privilege-escalating vulnerability may occur for select Hikvision IP cameras with particular firmware version.  

This vulnerability was discovered, and until now, has not been designated as Common Vulnerabilities and Exposures (CVE).

 

  •   Impact

By exploiting this vulnerability, attackers could obtain an unauthorized escalated additional user privilege to acquire or tamper with the device information.

 

  • Affected Software Versions and Fixes


Product Name

Affected Versions

Resolved Versions

Where to update firmware

DS-2CD2xx2F-I Series

V5.2.0 build 140721 to V5.4.0 Build 160530

 

 

V5.4.5 Build 170123 and later

 

Download Link

DS-2CD2xx0F-I Series

V5.2.0 build 140721 to V5.4.0 Build 160401

V5.4.5 Build 170123 and later

 

Download Link

DS-2CD2xx2FWD Series

V5.3.1 build 150410 to V5.4.4 Build 161125

V5.4.5 Build 170124 and later

 

Download Link

DS-2CD4x2xFWD Series

V5.2.0 build 140721 to V5.4.0 Build 160414

V5.4.5 Build 170228 and later

 

Download Link

 

DS-2CD4xx5 Series

V5.2.0 build 140721 to V5.4.0 Build 160421

V5.4.5 Build 170302 and later

 

Download Link

 

 

 

DS-2DFx Series

V5.2.0 build 140805 to V5.4.5 Build 160928

V5.4.9 Build 170123 and later

 

 

 

Download Link

 

DS-2CD63xx Series

V5.0.9 build 140305 to V5.3.5 Build 160106

V 5.4.5 Build 170206 and later

 

 

 

Download Link

 

  • Solution

Update devices with the correct firmware.

 

  • ContactUs

Should you have a security problem orconcern, please contact Hikvision Security Response Center at hsrc@hikvision.com.