Security Vulnerability in Some Hikvision Products

SN No. HSRC-202311-03

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2023-11-23

Summary

Some Hikvision products have been affected by an authentication bypass vulnerability in the Hik-Connect Module, which could allow remote attackers to consume services by sending crafted messages to the affected devices.

CVE ID

CVE-2023-48121

Scoring

CVSS v3.1 is adopted in this vulnerability scoring.

(http://www.first.org/cvss/specification-document)

Base score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

Affected Versions

No	Product Name	Affected Versions
1	DS-2CV1xxx	build date before 231108
2	DS-2CV2xxx	build date before 231108
3	DS-2CD1xxx	build date before 230614
4	DS-2CD2xx1 DS-2CD2xx3 DS-2CD2xx6 DS-2CD2xx7	build date before 230630
5	DS-2CD2xx2 DS-2CD2xx0	build date before 231110
6	DS-2CD2xxx-W	build date before 230831
7	DS-2CD3xxx	build date before 210429
8	HWI-xxxx	build date before 231108
9	IPC-xxx	build date before 230614
10	DS-2DE4xxx	build date before 230519
11	DS-2DE2Axx	build date before 230612
12	iDS-EXXHUH DS-EXXHGH iDS-EXXHQH DVR-EXXHUH DVR-EXXHGH DVR-EXXHQH	V4.71.210 build date before 230825
13	iDS-72XXHQH-M(C) iDS-72XXHUH-M(C) iDS-72XXHQH-M(E) iDS-72XXHUH-M(E) iDS-72XXHTH-M(C) HW-HWD-72XXMH-G4 HW-HWD-62XXMH-G4 HL-DVR-216Q-K2(E）	V4.71.110 build date before 230823
14	DS-71XXHGH-M(C) DS-72XXHGH-M(C) DS-71XXHGH-K(S) DS-72XXHGH-K(S) HL-DVR-1XXG-K(S) HL-DVR-2XXG-K(S) HL-DVR-1XXG-M(C) HL-DVR-2XXG-M(C) HW-HWD-51XXH(S) HW-HWD-51XXH-G HW-HWD-51XXMH-G iDS-71xxHQH-M(C) iDS-71xxHQH-M(E) iDS-72xxHQH-M/E(C) iDS-72xxHQH-M/E(E) HL-DVR-2XXQ-M(C) HL-DVR-2XXQ-M(E) HW-HWD-61XXMH-G4 HW-HWD-61XXMH-G4(E) iDS-71xxHUH-M(C) iDS-72xxHUH-M/E(C) iDS-71xxHUH-M(E) iDS-72xxHUH-M/E(E) HL-DVR-2XXU-M(C) HL-DVR-2XXU-M(E) HW-HWD-71XXMH-G4 HW-HWD-71XXMH-G4(E)	V4.71.131 build date before 230913
		V4.71.131 build date before 230913
15	DS-76xxNI-Q1(/xP)(D) DS-76xxNI-Q2(/xP)(D) DS-77xxNI-Q4(/xP)(D) DS-76xxNXI-K1(/xP)(B) NVR-2xx(M)H(-xP)-C(D) NVR-1xx(M)H(-xP)-C(D) HW-HWN-42xx(M)H(-xP)(D) HW-HWN-41xx(M)H(-xP)(D)	V4.75.000 build date before 230620
16	DS-71xxNI-Q1(/xP)(/M)(D) DS-76xxNI-Q1(C) DS-76xxNI-Q2(C) DS-76xxNI-K1(C) HL-NVR-1xx(M)H-D(D) HW-HWN-21xx(M)H(-xP)(D) HW-HWN-41xxMH(C) HW-HWN-42xxMH(C) HL-NVR-1xxMH-C(C) HL-NVR-2xxMH-C(C)	V4.74.100 build date before 230707
17	DS-76xxNI-K2 DS-77xxNI-K4	V4.74.205 build date before 230712
18	HL-NVR-EXXMH-D/4P(SSD 1T) HL-NVR-EXXMH-D/4P(SSD 2T) DS-EXXNI-Q1(SSD 1T) DS-EXXNI-Q1(SSD 2T)	V4.30.075 build date before 230925

Precondition

The attacker has network access to the device.

Attack Step

Send a specially crafted malicious message.

Obtaining Fixed Version

Users can download the patch on the Hikvision official website.

Source of Vulnerability Information

The vulnerability was reported to EZVIZ Security Team by Joern (@joerngermany).

Contact Us

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.

Hikvision would like to thank all security researchers for your attention to our products.

2023-11-23 V1.0 INITIAL

2023-11-29 V1.1 UPDATED: Updated Affected Versions

Hik-Partner Pro

Security Business Assistant. At Your Fingertips. Learn more

Scan and download the app

Download

Hik-Partner Pro

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.