Serial Port Privilege Escalation Vulnerabilities in Some Hikvision DVR Devices

Products

Solutions

Other

Products
Product Selector

Find the right Hikvision products for your needs!

View All

Accessory Selector

Use the search criteria to find all available accessories for your camera model.

View All

HiTools Designer

Hikvision’s practical online tool that will assist you in every step of designing and launching a security system.

View All
Solutions
Condominiums

SMB Solution for Condominiums delivers unified video security and smooth access control, streamlining daily operations through automated monitoring & alerts, centralized and digital management.

View All

Perimeter Protection

Hikvision offers diversified perimeter protection solutions which boast highly-effective false alarm reduction.

View All

Shops

SMB Solution for Shops offers reliable video security and access solutions for daily management, combining Hikvision’s cutting-edge technologies and analytics can result in a well-designed in-store layout and better customer flow.

View All
Support
Easy-to-use Tips for NVRs & DVRs

Here you can find expert tips for NVRs or DVRs, like Hikvision DVR password reset, NVR installation, and more.

View All

How To Video

Watch tutorial videos about how to use Hikvision products. Click to learn more.

View All
Technologies
Guanlan Large-scale AI Models

Guanlan Large AI Models, powerful AI at the system edge! Guanlan is Hikvision’s proprietary suite of large-scale AI models, designed to revolutionize the AI-powered Internet of Things (AIoT) technology ecosystem.

View All
Partners
Hik-Partner Pro

The Hik-Partner Pro(HPP) one-stop security service platform gives Hikvision’s partners easy access to all Hikvision product information, promotions, and marketing handouts.

View All

Hikvision Embedded Open Platform 2.0 (HEOP)

Hikvision Embedded Open Platform (HEOP) enables technology partners to develop and run their own applications on Hikvision's hardware.

View All
Commercial Display

Global - EN

Global

Global - English

Asia

Europe

Oceania

ANZ - English

Latin America

North America

Middle East and Africa

SN No. HSRC-202512-01

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2025-12-19

Summary

(1) CVE-2025-66173 – There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.

(2) CVE-2025-66174 – There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.

Scoring

CVSS v3.1 is adopted in scoring these vulnerabilities

(http://www.first.org/cvss/specification-document)

CVE-2025-66173

Base score: 6.2 (CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVE-2025-66174

Base score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

Affected Versions and Fix

Product Name

CVE ID

Affected Versions

Fixed Version

DS-7104HGHI-F1

CVE-2025-66173、CVE-2025-66174

Versions below V4.30.122_201107 (including V4.30.122_201107)

Click to download

DS-7204HGHI-F1

CVE-2025-66173、CVE-2025-66174

Versions below V4.30.122_201107 (including V4.30.122_201107)

Click to download

Source of vulnerability information

These vulnerabilities were reported to HSRC by Aaron J Jose in India, and we also want to acknowledge the cooperation of the National Computer Emergency Response Team of India (CERT-In) who coordinated with us to handle this vulnerability.

Contact Us

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.

Hikvision would like to thank all security researchers for your attention to our products.

Declaration

This document is provided on an “AS IS” basis and without warranties of any kind, either express or implied, including but not limited to the warranties of merchantability or fitness for a particular purpose.

Hikvision or any of its directly or indirectly controlled subsidiaries or its suppliers shall not be liable for any damages arising out of or in connection with the use of this document, including direct, indirect, incidental, special, or consequential damages.

Hikvision reserves the right to revise or update this document at any time.

Hik-Partner Pro

Security Business Assistant. At Your Fingertips. Learn more

Scan and download the app

Download

Hik-Partner Pro

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.