Security Vulnerability in Some Hikvision Products

SN No. HSRC-202311-03

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2023-11-23

Summary

Some Hikvision products have been affected by an authentication bypass vulnerability in the Hik-Connect Module, which could allow remote attackers to consume services by sending crafted messages to the affected devices.

CVE ID

CVE-2023-48121

Scoring

CVSS v3.1 is adopted in this vulnerability scoring.

(http://www.first.org/cvss/specification-document)

Base score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

Affected Versions

No	Product Name	Affected Versions
1	DS-2CV1xxx	build date before 231108
2	DS-2CV2xxx	build date before 231108
3	DS-2CD1xxx	build date before 230614
4	DS-2CD2xxx	build date before 231110
5	DS-2CD2xxx-W	build date before 230831
6	DS-2CD3xxx	build date before 210429
7	HWI-xxxx	build date before 231108
8	IPC-xxx	build date before 230614
9	DS-2DE4xxx	build date before 230519
10	DS-2DE2Axx	build date before 230612
11	iDS-EXXHUH DS-EXXHGH iDS-EXXHQH DVR-EXXHUH DVR-EXXHGH DVR-EXXHQH	V4.71.210 build date before 230825
12	iDS-72XXHQH-M(C) iDS-72XXHUH-M(C) iDS-72XXHQH-M(E) iDS-72XXHUH-M(E) iDS-72XXHTH-M(C) HW-HWD-72XXMH-G4 HW-HWD-62XXMH-G4 HL-DVR-216Q-K2(E）	V4.71.110 build date before 230823
13	DS-71XXHGH-M(C) DS-72XXHGH-M(C) DS-71XXHGH-K(S) DS-72XXHGH-K(S) HL-DVR-1XXG-K(S) HL-DVR-2XXG-K(S) HL-DVR-1XXG-M(C) HL-DVR-2XXG-M(C) HW-HWD-51XXH(S) HW-HWD-51XXH-G HW-HWD-51XXMH-G iDS-71xxHQH-M(C) iDS-71xxHQH-M(E) iDS-72xxHQH-M/E(C) iDS-72xxHQH-M/E(E) HL-DVR-2XXQ-M(C) HL-DVR-2XXQ-M(E) HW-HWD-61XXMH-G4 HW-HWD-61XXMH-G4(E) iDS-71xxHUH-M(C) iDS-72xxHUH-M/E(C) iDS-71xxHUH-M(E) iDS-72xxHUH-M/E(E) HL-DVR-2XXU-M(C) HL-DVR-2XXU-M(E) HW-HWD-71XXMH-G4 HW-HWD-71XXMH-G4(E)	V4.71.131 build date before 230913
14	DS-76xxNI-Q1(/xP)(D) DS-76xxNI-Q2(/xP)(D) DS-77xxNI-Q4(/xP)(D) DS-76xxNXI-K1(/xP)(B) NVR-2xx(M)H(-xP)-C(D) NVR-1xx(M)H(-xP)-C(D) HW-HWN-42xx(M)H(-xP)(D) HW-HWN-41xx(M)H(-xP)(D)	V4.75.000 build date before 230620
15	DS-71xxNI-Q1(/xP)(/M)(D) DS-76xxNI-Q1(C) DS-76xxNI-Q2(C) DS-76xxNI-K1(C) HL-NVR-1xx(M)H-D(D) HW-HWN-21xx(M)H(-xP)(D) HW-HWN-41xxMH(C) HW-HWN-42xxMH(C) HL-NVR-1xxMH-C(C) HL-NVR-2xxMH-C(C)	V4.74.100 build date before 230707
16	DS-76xxNI-K2 DS-77xxNI-K4	V4.74.205 build date before 230712
17	HL-NVR-EXXMH-D/4P(SSD 1T) HL-NVR-EXXMH-D/4P(SSD 2T) DS-EXXNI-Q1(SSD 1T) DS-EXXNI-Q1(SSD 2T)	V4.30.075 build date before 230925

Precondition

The attacker has network access to the device.

Attack Step

Send a specially crafted malicious message.

Obtaining Fixed Version

Users can download the patch on the Hikvision official website.

Source of Vulnerability Information

The vulnerability was reported to EZVIZ Security Team by Joern (@joerngermany).

Contact Us

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.

Hikvision would like to thank all security researchers for your attention to our products.