Security Notification - Buffer Overflow Vulnerability in Some Hikvision IP Cameras

SN No. HSRC-201808-01

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2018-08-13

Update Date: 2018-08-23

Summary

A buffer overflow vulnerability in the web server of some Hikvision IP cameras allows an attacker to send a specially crafted message to affected devices. Because of insufficient input validation, successful exploitation can corrupt memory and lead to arbitrary code execution or crash the process.

CVE ID

CVE-2018-6414

Scoring

This vulnerability is scored using CVSS v3 (http://www.first.org/cvss/specification-document).

Base score: 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H)

Temporal score: 8.0 (E:P/RL:O/RC:C)

Affected Versions and Fixes

IPC:

| Product Name | Affected Versions | Resolved Versions | Where to update firmware |
| --- | --- | --- | --- |
| DS-2CD2xx5, DS-2CD2xx3 | V5.5.0 build170725 to V5.5.52 build180511 | V5.5.61 build180718 and later | Download link |
| DS-2CD3xxx | V5.5.0 build170725 to V5.5.60 build180515 | V5.5.61 build180718 and later | Download link |
| DS-2CD1X43, DS-2CD1X53 | V5.5.2 build170920 to V5.5.52 build180523 | V5.5.53 build180716 and later | Download link |
| DS-2CD2X12FWD, DS-2CD2X22FWD, DS-2CD2X42FWD, DS-2CD2X52F | V5.5.0 build170725 to V5.5.52 build180427 | V5.5.53 build180730 and later | Download link |
| DS-2CD4x26EFWD, DS-2CD4BxxFWD, DS-2CD4CxxFWD, DS-2CD4DxxFWD, DS-2XMxxxx | V5.5.0 build170914 to V5.5.52 build180601 | V5.5.53 build180719 and later | Download link |
| DS-2CD1x01-I | V5.5.5 build180207 to V5.5.52 build180620 | V5.5.53 build180717 and later | Download link |
| DS-2CD1x23 | V5.5.2 build171013 to V5.5.52 build180522 | V5.5.53 build180713 and later | Download link |
| DS-2CD1x21 | V5.5.4 build180104 to V5.5.52 build180626 | V5.5.53 build180717 and later | Download link |

HiLook:

| Product Name | Affected Versions | Resolved Versions | Where to update firmware |
| --- | --- | --- | --- |
| IPC-B100, IPC-D100 | V5.5.5 build180207 to V5.5.52 build180620 | V5.5.53 build180717 and later | Download link |
| IPC-x120H, IPC-T220H | V5.5.2 build171013 to V5.5.52 build180522 | V5.5.53 build180713 and later | Download link |

IPD*:

| Product Name | Affected Versions | Resolved Versions | Where to update firmware |
| --- | --- | --- | --- |
| DS-2DF5xxx, DS-2DF6xxx, DS-2DF7xxx, DS-2DF8xxx, DS-2DT6223 | V5.5.2 build171201 and previous versions* | V5.5.71 build180723 and later | Download link |
| DS-2DE4xxxW, DS-2DE5xxxW, DS-2DE7xxxW | V5.5.6 build180408 and previous versions* | V5.5.71 build180725 and later | Download link |

 

* 2018/08/23 update: The affected versions of IPD do not include V5.4.0 and previous versions.

 

Obtaining fixed firmware:

Users should download the updated firmware to guard against this potential vulnerability. It is available on the Hikvision official website.
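
To triage a device inventory against the version tables above, the following added example (not part of Hikvision's advisory or tooling) classifies a model and firmware string as affected, fixed, or not listed. It assumes that x/X in a product name stands for one alphanumeric character, that product names are prefixes of full model strings, and that firmware orders by version number and then build date.

```python
import re

# Rows transcribed from the advisory: (product names, first affected, last affected, first fixed).
# first affected None = "and previous versions"; per the 2018/08/23 note those rows exclude V5.4.0 and earlier.
ROWS = [
    ("DS-2CD2xx5 DS-2CD2xx3", "V5.5.0 build170725", "V5.5.52 build180511", "V5.5.61 build180718"),
    ("DS-2CD3xxx", "V5.5.0 build170725", "V5.5.60 build180515", "V5.5.61 build180718"),
    ("DS-2CD1X43 DS-2CD1X53", "V5.5.2 build170920", "V5.5.52 build180523", "V5.5.53 build180716"),
    ("DS-2CD2X12FWD DS-2CD2X22FWD DS-2CD2X42FWD DS-2CD2X52F", "V5.5.0 build170725", "V5.5.52 build180427", "V5.5.53 build180730"),
    ("DS-2CD4x26EFWD DS-2CD4BxxFWD DS-2CD4CxxFWD DS-2CD4DxxFWD DS-2XMxxxx", "V5.5.0 build170914", "V5.5.52 build180601", "V5.5.53 build180719"),
    ("DS-2CD1x01-I", "V5.5.5 build180207", "V5.5.52 build180620", "V5.5.53 build180717"),
    ("DS-2CD1x23", "V5.5.2 build171013", "V5.5.52 build180522", "V5.5.53 build180713"),
    ("DS-2CD1x21", "V5.5.4 build180104", "V5.5.52 build180626", "V5.5.53 build180717"),
    ("IPC-B100 IPC-D100", "V5.5.5 build180207", "V5.5.52 build180620", "V5.5.53 build180717"),
    ("IPC-x120H IPC-T220H", "V5.5.2 build171013", "V5.5.52 build180522", "V5.5.53 build180713"),
    ("DS-2DF5xxx DS-2DF6xxx DS-2DF7xxx DS-2DF8xxx DS-2DT6223", None, "V5.5.2 build171201", "V5.5.71 build180723"),
    ("DS-2DE4xxxW DS-2DE5xxxW DS-2DE7xxxW", None, "V5.5.6 build180408", "V5.5.71 build180725"),
]

def parse(fw):
    """'V5.5.52 build180511' -> (5, 5, 52, 180511); ordering by version, then build date, is an assumption."""
    m = re.fullmatch(r"\s*V(\d+)\.(\d+)\.(\d+)\s+build\s*(\d{6})\s*", fw, re.I)
    if not m:
        raise ValueError(f"unrecognised firmware string: {fw!r}")
    return tuple(int(g) for g in m.groups())

def model_matches(pattern, model):
    """Assumption: x/X in a product name is one alphanumeric character and the name is a prefix of the model."""
    rx = "".join("[A-Za-z0-9]" if c in "xX" else re.escape(c) for c in pattern)
    return re.match(rx, model, re.I) is not None

def status(model, fw):
    """Return 'affected', 'fixed', or 'not-listed' (the advisory makes no statement for this model/version)."""
    ver = parse(fw)
    for names, first, last, fixed in ROWS:
        if not any(model_matches(p, model) for p in names.split()):
            continue
        if ver >= parse(fixed):
            return "fixed"
        # Open-ended rows start above V5.4.0, whatever the build (2018/08/23 update).
        lower_ok = ver >= parse(first) if first else ver[:3] > (5, 4, 0)
        if lower_ok and ver <= parse(last):
            return "affected"
        return "not-listed"
    return "not-listed"
```

A result of 'not-listed' means the advisory makes no statement for that model and version, not that the device is unaffected; versions that fall between the last affected and first resolved build land there too.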

Source of vulnerability information

This vulnerability was reported to HSRC by Ori Hollander of VDOO Connected Trust LTD., an Israeli security company that focuses on IoT security.

Contact Us

Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hikvision.com.