Security Notification –HTTP Buffer Overflow Vulnerability in Hikvision NVRs Devices

Security Notification –HTTP Buffer Overflow Vulnerability in Hikvision NVRs Devices

SN No. HSRC-201510-03

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date:2015-11-09

Summary

While processing the specified HTTP requests after identity authentication (successful login with the correct username and password), buffer overflow vulnerabilities may occur for selected Hikvision NVRs. This may result in potential service interruption for users.

This Vulnerability has been designated as Common Vulnerabilities and Exposures (CVE).

ID No: CVE-2015-4407, CVE-2015-4408 and CVE-2015-4409.

Impact

By exploiting these three vulnerabilities, after successfully login to the NVRs with the correct username and password, attackers could be able to plant malicious HTTP scripts to create service interruption.

Precondition

NVR devices can be connected after login with correct username and password.

Attack Step

Attackers may send malicious HTTP scripts to selected NVR devices.

Software Versions and Fixes

Product Name

Affected Versions

Resolved Versions

DS-76xxNI-E1/2 Series

DS-77xxxNI-E4 Series

v3.3.4 and earlier

v3.4.0 and later

 

Obtaining Fixed Firmware

Users should download the updated firmware to guard against these potential vulnerabilities. It is available on the Hikvision official website:(Click Here).

Contact Us

For security problems about Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com. 

이 웹사이트는 웹사이트가 정상적으로 작동 할 수 있도록 필요한 쿠키를 사용합니다. 당사 웹사이트에서 최상의 경험을 제공하기 위해 추가 쿠키를 사용하고자 합니다. 더 많은 정보를 위해, 쿠키 정책을 확인하세요.

문의하기
back to top
Top