Buffer Overflow Vulnerabilities in Some Hikvision Products


SN No. HSRC-202601-01

Edit: HSRC (Hikvision Security Response Center)

Initial release date: 2026-01-12

 

Summary

(1) CVE-2025-66176 - There is a stack overflow vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

(2) CVE-2025-66177 - There is a stack overflow vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

 

CVE ID

CVE-2025-66176

CVE-2025-66177

 

Scoring

CVSS v3.1 is adopted in the scoring of these vulnerabilities (http://www.first.org/cvss/specification-document)

CVE-2025-66176

Base score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVE-2025-66177

Base score: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

 

Affected versions

| CVE ID | Affected Products |
| --- | --- |
| CVE-2025-66176 | Partial Access Control Series Products |
| CVE-2025-66177 | Partial NVR, DVR, CVR, IPC Series Products |

For the specific list of affected models, please click the link to view.

 

Obtaining fixed versions

Users can download patches/updates on the Hikvision official website.

 

Source of vulnerability information

CVE-2025-66176 was reported by a member of Cisco Talos Team, while CVE-2025-66177 was reported by independent security researchers Angel Lozano Alcazar and Pedro Guillen Nuñez.

 

Contact us

To report security issues or vulnerabilities in Hikvision products and solutions, please contact the Hikvision Security Response Center at hsrc@hikvision.com.

Hikvision would like to thank all security researchers for their attention to our products.

 

Declaration

This document is provided on an “AS IS” basis and without warranties of any kind, either express or implied, including but not limited to the warranties of merchantability or fitness for a particular purpose. 

Hikvision or any of its directly or indirectly controlled subsidiaries or its suppliers shall not be liable for any damages arising out of or in connection with the use of this document, including direct, indirect, incidental, special, or consequential damages. 

Hikvision reserves the right to revise or update this document at any time.
