当サイトでは、ウェブサイト機能向上に必要なCookie(クッキー)を使用しています。お客様に弊社ウェブサイトを快適にご利用いただくために、新たなCookieの使用をご理解いただけると幸いです。詳しい情報は、クッキーポリシーでご確認ください。
Security Notification –Buffer Overflow Vulnerability in Hikvision DVRs Devices
SN No.:HSRC-201411-02
Initial Release Date:2014-11-28
Update Release Date:2014-12-06
Summary
While processing specified RTSP requests, buffer overflow vulnerabilities may occurs for select Hikvision DVRs, which may result in potential service interruption for users.
These issues have been assigned Common Vulnerabilities and Exposures (CVE) ID:
CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880.
Software Versions and Fixes
Product Name |
Affected Version |
Resolved Version |
DS-7100HWI-SL(SH) |
V2.2.15_build 141025 and earlier versions |
V2.2.15_build 141126 and later |
DS-7100HVI-SL(SH) |
||
DS-7200HWI-SH(SL) |
V3.1.3_build 141103 and earlier versions |
V3.1.3_build 141126 and later |
DS-7200HFI-SH |
||
DS-7200HVI-SV |
||
DS-7200HWI-E1(/C) |
V3.1.3_build 141103 and earlier versions |
V3.1.3_build 141126 and later |
DS-7200HWI-E2(/C) |
||
DS-7300HWI-E4(/C) |
||
DS-7300HWI(HFI)-SH |
V3.1.3_build 141103 and earlier versions |
V3.1.3_build 141126 and later |
DS-7600NI-SE(/N)(/P) |
V3.0.9_build 140928 and earlier versions |
V3.0.10_build 141125 and later |
DS-7600NI-V(VP) |
||
DS-7600NI-E1(/N)(/P) |
V3.0.8_build 140825 and earlier versions |
V3.0.10_build 141126 and later |
DS-7600NI-E2(/N)(/P) |
||
DS-7700NI-E4(/N)(/P) |
||
DS-80/81/90/91xxHFI-ST |
V3.1.6_build 140928 and earlier versions |
V3.1.7_build 141201 and later |
DS-80/81/90/91/92xxHWI-ST |
||
DS-90/91xxHFI-RT |
||
DS-90/91xxHFI-XT |
||
DS-76/77/86/96xxNI-ST |
||
DS-96xxNI-RT |
||
DS-96xxNI-XT |
||
DS-76/77xxNI-SP |
||
DS-7200HWI-SV |
||
DS-7100HGHI-SH |
V3.1.0_build 141121 and earlier versions |
V3.1.1_build 141128 and later |
DS-7100HQHI-SH |
||
DS-7200HGHI-SH |
||
DS-7200HQHI-SH |
||
DS-7300HGHI-SH |
||
DS-7300HQHI-SH |
||
DS-8100HGHI-SH |
||
DS-8100HQHI-SH |
||
DS-7200HWI-Ex/C/F |
V3.1.2_build 140925 |
V3.1.2_build 141206 and later |
DS-7200HVI-SH |
V2.2.4_build 130625 and earlier versions |
V2.2.4_build 141206 and later |
DS-7204HWI-SV |
||
DS-7300HFI-ST |
V2.1.2_build 130830 and earlier versions |
V2.1.2_build 141206 and later |
DS-7300HI-ST |
||
DS-8100HDI-ST |
||
DS-6700HWI(-SATA) |
V1.2.1 build140913 and earlier versions |
V1.2.3 build 141203 and later |
DS-6700HFI(-SATA) |
||
DS-7100NI-SN(/N)(/P) |
V3.0.7_build 140725 and earlier versions |
V3.0.10_build 141128 and later |
DS-7600NI-SN(/N)(/P) |
V3.0.5_build 140508 |
V3.0.10_build 141127 and later |
DS-8100HCI(HFSI)(HWSI)-SH |
V3.1.3_build 141103 and earlier versions |
V3.1.3_build 141126 and later |
DS-7100NI-SL |
V2.3.4_build 131024 and earlier versions |
V3.0.10_build141224 and later |
DS-7104NI-SL/W |
V2.3.7_build140523 and earlier versions |
V2.3.8_build141224 and later |
DS-7600HI-ST |
V2.3.7_build 140904 and earlier versions |
V3.0.11_150319 and later |
DS-7200HFHI-SL(ST)(SE) |
V3.0.0_build140425 and earlier versions |
V3.0.0_build141202 and later |
DS-7300HFHI-SL(ST) |
||
DS-8100HFHI-SL(ST) |
Impact
By exploiting these three vulnerabilities, attackers are able to plant scripts into the file system to creat service interruptions.
Technical Details
Precondition
DVR devices need to be connected to a network with external access.
Attack Step
Attacker sends malicious scripts to DVR devices.
Obtaining Fixed Software
Users may download updated firmware on the Hikvision official website:(Click Here).
Contacts Method
For security problems with Hikvision products and solutions, please contact : hsrc@hikvision.com.
当サイトでは、ウェブサイト機能向上に必要なCookie(クッキー)を使用しています。お客様に弊社ウェブサイトを快適にご利用いただくために、新たなCookieの使用をご理解いただけると幸いです。詳しい情報は、クッキーポリシーでご確認ください。