While processing the specified HTTP requests after identity authentication (successful login with the correct username and password), buffer overflow vulnerabilities may occur for selected Hikvision NVRs. This may result in potential service interruption for users.
This Vulnerability has been designated as Common Vulnerabilities and Exposures (CVE).
ID No: CVE-2015-4407, CVE-2015-4408 and CVE-2015-4409.
By exploiting these three vulnerabilities, after successfully login to the NVRs with the correct username and password, attackers could be able to plant malicious HTTP scripts to create service interruption.
NVR devices can be connected after login with correct username and password.
Attackers may send malicious HTTP scripts to selected NVR devices.
Software Versions and Fixes