SN No. HSRC-202311-01
Edit: Hikvision Security Response Center (HSRC)
Initial Release Date: 2023-11-17
Summary
Hikvision has released a patch to fix a buffer overflow vulnerability in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
CVE ID
CVE-2023-28811
Scoring
CVSS v3.1 was used in scoring this vulnerability.
(http://www.first.org/cvss/specification-document)
Base score: 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Affected Versions and Fixes
| Product Name | Affected Versions | Fix Download |
|---|---|---|
| DVR: iDS-EXXHUH, DS-EXXHGH, iDS-EXXHQH, DVR-EXXHUH, DVR-EXXHGH, DVR-EXXHQH, iDS-72XXHQH-M(C), iDS-72XXHUH-M(C), iDS-72XXHQH-M(E), iDS-72XXHUH-M(E), iDS-72XXHTH-M(C), HW-HWD-72XXMH-G4, HW-HWD-62XXMH-G4, HL-DVR-216Q-K2(E), DS-71XXHGH-M(C), DS-72XXHGH-M(C), DS-71XXHGH-K(S), DS-72XXHGH-K(S), HL-DVR-1XXG-K(S), HL-DVR-2XXG-K(S), HL-DVR-1XXG-M(C), HL-DVR-2XXG-M(C), HW-HWD-51XXH(S), HW-HWD-51XXH-G, HW-HWD-51XXMH-G, iDS-71xxHQH-M(C), iDS-71xxHQH-M(E), iDS-72xxHQH-M/E(C), iDS-72xxHQH-M/E(E), HL-DVR-2XXQ-M(C), HL-DVR-2XXQ-M(E), HW-HWD-61XXMH-G4, HW-HWD-61XXMH-G4(E), iDS-71xxHUH-M(C), iDS-72xxHUH-M/E(C), iDS-71xxHUH-M(E), iDS-72xxHUH-M/E(E), HL-DVR-2XXU-M(C), HL-DVR-2XXU-M(E), HW-HWD-71XXMH-G4, HW-HWD-71XXMH-G4(E) | V4.1.60 build date before 20230821 | Version build date after 20230821 |
| NVR: NVR-2xxMH-C(D), NVR-1xxMH-C(D), HW-HWN-42xxMH(D), HW-HWN-41xxMH(D), DS-71xxNI-Q1(C), DS-71xxNI-Q1(D), HL-NVR-1xxMH-D(C), HL-NVR-1xxMH-D(D), HW-HWN-21xxMH(C), HW-HWN-21xxMH(D), DS-76xxNI-Q1(C), DS-76xxNI-Q2(C), DS-76xxNI-K1(C), HW-HWN-41xxMH(C), HW-HWN-42xxMH(C), HL-NVR-1xxMH-C(C), HL-NVR-2xxMH-C(C), DS-77xxNI-I4(B) | V4.1.60 build date before 20230821 | Version build date after 20230821 |
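The following inventory triage check is an added example, not Hikvision code. It assumes firmware strings of the form `V4.1.60 build 230510` (6- or 8-digit build date), uses only a subset of the model patterns from the table, and its status labels and function names are hypothetical.

```python
import re
from datetime import date

# Subset of model patterns copied from the advisory table ("XX"/"xx" = two digits).
ADVISORY_PATTERNS = ["iDS-72XXHQH-M(C)", "DS-72XXHGH-K(S)",
                     "DS-76xxNI-Q1(C)", "DS-77xxNI-I4(B)"]
CUTOFF = date(2023, 8, 21)  # build date named in the advisory
# Assumed firmware string shape: "V<major>.<minor>.<patch> build <YYMMDD|YYYYMMDD>"
FW_RE = re.compile(r"V(\d+\.\d+\.\d+)\s+build\s+(\d{8}|\d{6})\b", re.I)

def pattern_to_regex(pattern):
    """XX/xx becomes two digits; every other character is matched literally."""
    parts = re.split(r"(XX|xx)", pattern)
    body = "".join(r"\d\d" if p in ("XX", "xx") else re.escape(p) for p in parts)
    return re.compile(body, re.I)

MODEL_REGEXES = [pattern_to_regex(p) for p in ADVISORY_PATTERNS]

def parse_firmware(text):
    """Return (version, build_date) or None if the string does not parse."""
    m = FW_RE.search(text)
    if not m:
        return None
    digits = m.group(2) if len(m.group(2)) == 8 else "20" + m.group(2)
    try:
        return m.group(1), date(int(digits[:4]), int(digits[4:6]), int(digits[6:]))
    except ValueError:  # e.g. month 13
        return None

def triage(model, firmware):
    """Classify one inventory row against the advisory's version rule."""
    if not any(rx.fullmatch(model.strip()) for rx in MODEL_REGEXES):
        # Not proof of safety: inventory names may differ from the table's patterns.
        return "model-not-in-subset"
    parsed = parse_firmware(firmware)
    if parsed is None:
        return "unparsed-firmware"
    version, build = parsed
    if build > CUTOFF:
        return "fixed"
    if build == CUTOFF or version != "4.1.60":
        # The advisory says "before"/"after" only and names V4.1.60 only.
        return "verify-with-vendor"
    return "affected"

# Constructed sample inventory rows (not real devices).
SAMPLE = [("DS-7608NI-Q1(C)", "V4.1.60 build 230510"),
          ("iDS-7204HQH-M(C)", "V4.1.60 build 20230901"),
          ("DS-7716NI-I4(B)", "V4.1.60 build 230821")]

if __name__ == "__main__":
    for model, fw in SAMPLE:
        print(model, fw, triage(model, fw))
```

A `model-not-in-subset` result means the row needs a manual comparison against the full table, not that the device is unaffected.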
Obtaining Fixed Versions
Users can download patches/updates on the Hikvision official website or contact support@hikvision.com.
Source of Vulnerability Information:
The vulnerability was reported to HSRC by Sergio Ruiz of the IOActive team.
Contact Us:
To report any security issues or vulnerabilities in Hikvision products and solutions, please contact the Hikvision Security Response Center at hsrc@hikvision.com.
Hikvision would like to thank all security researchers for your attention to our products.