Security Vulnerability in Some Hikvision Products

Security Vulnerability in Some Hikvision Products

SN No. HSRC-202311-03

 

Edit: Hikvision Security Response Center (HSRC)

 

Initial Release Date: 2023-11-23

 

Summary

Some Hikvision products have been affected by an authentication bypass vulnerability in the Hik-Connect Module, which could allow remote attackers to consume services by sending crafted messages to the affected devices.

 

CVE ID

CVE-2023-48121

 

Scoring

CVSS v3.1 is adopted in this vulnerability scoring.

 

(http://www.first.org/cvss/specification-document)

 

Base score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)

 

Affected Versions

No

Product Name

Affected Versions

1

DS-2CV1xxx

build date before 231108

2

DS-2CV2xxx

build date before 231108

3

DS-2CD1xxx

build date before 230614

4

DS-2CD2xx1

DS-2CD2xx3

DS-2CD2xx6

DS-2CD2xx7

build date before 230630

5 DS-2CD2xx2
DS-2CD2xx0

build date before 231110

6

DS-2CD2xxx-W

build date before 230831

7

DS-2CD3xxx

build date before 210429

8

HWI-xxxx

build date before 231108

9

IPC-xxx

build date before 230614

10

DS-2DE4xxx

build date before 230519

11

DS-2DE2Axx

build date before 230612

12

iDS-EXXHUH
DS-EXXHGH
iDS-EXXHQH
DVR-EXXHUH

build date before 230825 

13

iDS-72XXHQH-M(C)
iDS-72XXHUH-M(C)
iDS-72XXHQH-M(E)
iDS-72XXHUH-M(E)
iDS-72XXHTH-M(C)
HW-HWD-72XXMH-G4
HW-HWD-62XXMH-G4
HL-DVR-216Q-K2(E)

build date before 230823

14

DS-71XXHGH-M(C)
DS-72XXHGH-M(C)
DS-71XXHGH-K(S)
DS-72XXHGH-K(S)
HL-DVR-1XXG-K(S)
HL-DVR-2XXG-K(S)
HL-DVR-1XXG-M(C)
HL-DVR-2XXG-M(C)
HW-HWD-51XXH(S)
HW-HWD-51XXH-G
HW-HWD-51XXMH-G
iDS-71xxHQH-M(C)
iDS-71xxHQH-M(E)
iDS-72xxHQH-M/E(C)
iDS-72xxHQH-M/E(E)
HL-DVR-2XXQ-M(C)
HL-DVR-2XXQ-M(E)
HW-HWD-61XXMH-G4
HW-HWD-61XXMH-G4(E)
iDS-71xxHUH-M(C)
iDS-72xxHUH-M/E(C)
iDS-71xxHUH-M(E)
iDS-72xxHUH-M/E(E)
HL-DVR-2XXU-M(C)
HL-DVR-2XXU-M(E)
HW-HWD-71XXMH-G4
HW-HWD-71XXMH-G4(E)

build date before 230913

15

DS-76xxNI-Q1(/xP)(D)
DS-76xxNI-Q2(/xP)(D)
DS-77xxNI-Q4(/xP)(D)
DS-76xxNXI-K1(/xP)(B)
NVR-2xx(M)H(-xP)-C(D)
NVR-1xx(M)H(-xP)-C(D)
HW-HWN-42xx(M)H(-xP)(D)
HW-HWN-41xx(M)H(-xP)(D)

build date before 230620

16

DS-71xxNI-Q1(/xP)(/M)(D)
DS-76xxNI-Q1(C)
DS-76xxNI-Q2(C)
DS-76xxNI-K1(C)
HL-NVR-1xx(M)H-D(D)
HW-HWN-21xx(M)H(-xP)(D)
HW-HWN-41xxMH(C)
HW-HWN-42xxMH(C)
HL-NVR-1xxMH-C(C)
HL-NVR-2xxMH-C(C)

build date before 230707

17

DS-76xxNI-K2
DS-77xxNI-K4

build date before 230712

18

HL-NVR-EXXMH-D/4P(SSD 1T)
HL-NVR-EXXMH-D/4P(SSD 2T)
DS-EXXNI-Q1(SSD 1T)
DS-EXXNI-Q1(SSD 2T)

build date before 230925

 

 

Precondition

The attacker has network access to the device.

 

Attack Step

Send a specially crafted malicious message.

 

Obtaining Fixed Version

Users can download the patch on the Hikvision official website.

 

Source of Vulnerability Information

The vulnerability was reported to EZVIZ Security Team by Joern (@joerngermany).

 

Contact Us

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.

Hikvision would like to thank all security researchers for your attention to our products.

 

2023-11-23 V1.0 INITIAL

2023-11-29 V1.1 UPDATED: Updated Affected Versions

Hikvision.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.

 

Contact Us
Hik-Partner Pro close
Hik-Partner Pro
Security Business Assistant. At Your Fingertips. Learn more
Hik-Partner Pro
Scan and download the app
Hik-Partner Pro
Hik-Partner Pro

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.