SN No. HSRC-202311-01
Edit: Hikvision Security Response Center (HSRC)
Initial Release Date: 2023-11-17
Summary
Hikvision has released a patch to fix a buffer overflow vulnerability in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
CVE ID
CVE-2023-28811
Scoring
CVSS v3.1 was used in scoring this vulnerability.
(http://www.first.org/cvss/specification-document)
Base score: 7.4 (AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Affected Versions and Fixes
|
Product Name
|
Affected Versions
|
Fix Download
|
DVR
|
iDS-EXXHUH
DS-EXXHGH
iDS-EXXHQH
DVR-EXXHUH
DVR-EXXHGH
DVR-EXXHQH
iDS-72XXHQH-M(C)
iDS-72XXHUH-M(C)
iDS-72XXHQH-M(E)
iDS-72XXHUH-M(E)
iDS-72XXHTH-M(C)
HW-HWD-72XXMH-G4
HW-HWD-62XXMH-G4
HL-DVR-216Q-K2(E)
DS-71XXHGH-M(C)
DS-72XXHGH-M(C)
DS-71XXHGH-K(S)
DS-72XXHGH-K(S)
HL-DVR-1XXG-K(S)
HL-DVR-2XXG-K(S)
HL-DVR-1XXG-M(C)
HL-DVR-2XXG-M(C)
HW-HWD-51XXH(S)
HW-HWD-51XXH-G
HW-HWD-51XXMH-G
iDS-71xxHQH-M(C)
iDS-71xxHQH-M(E)
iDS-72xxHQH-M/E(C)
iDS-72xxHQH-M/E(E)
HL-DVR-2XXQ-M(C)
HL-DVR-2XXQ-M(E)
HW-HWD-61XXMH-G4
HW-HWD-61XXMH-G4(E)
iDS-71xxHUH-M(C)
iDS-72xxHUH-M/E(C)
iDS-71xxHUH-M(E)
iDS-72xxHUH-M/E(E)
HL-DVR-2XXU-M(C)
HL-DVR-2XXU-M(E)
HW-HWD-71XXMH-G4
HW-HWD-71XXMH-G4(E)
|
Build date before 230821(Version before V4.1.60 are not affected)
|
Version build date after 230821
|
NVR
|
NVR-2xxMH-C(D)
NVR-1xxMH-C(D)
HW-HWN-42xxMH(D)
HW-HWN-41xxMH(D)
DS-71xxNI-Q1(C)
DS-71xxNI-Q1(D)
HL-NVR-1xxMH-D(C)
HL-NVR-1xxMH-D(D)
HW-HWN-21xxMH(C)
HW-HWN-21xxMH(D)
DS-76xxNI-Q1(C)
DS-76xxNI-Q2(C)
DS-76xxNI-K1(C)
HW-HWN-41xxMH(C)
HW-HWN-42xxMH(C)
HL-NVR-1xxMH-C(C)
HL-NVR-2xxMH-C(C)
DS-77xxNI-I4(B)
|
Build date before 230821(Version before V4.1.60 are not affected)
|
Version build date after 230821
|
Obtaining Fixed Versions
Users can download patches/updates on the Hikvision official website or contact support@hikvision.com.
Source of Vulnerability Information:
The vulnerability was reported to HSRC by Sergio Ruiz of the IOActive team.
Contact Us:
To report any security issues or vulnerabilities in Hikvision products and solutions, please contact the Hikvision Security Response Center at hsrc@hikvision.com.
Hikvision would like to thank all security researchers for your attention to our products.
2023-11-17 V1.0 INITIAL
2023-11-29 V1.1 UPDATED: Updated Affected Versions
제품 셀렉터
하이크비전 앱스토어
Hikvision License Activation
