Buffer Overflow Vulnerabilities in Some Hikvision Products
SN No. HSRC-202601-01
Editar: Centro de Resposta à Segurança da Hikvision (HSRC)
Data de publicação original: 2026-01-12
Resumo
(1) CVE-2025-66176 - There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
(2) CVE-2025-66177 - There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
ID DO CVE
CVE-2025-66176
CVE-2025-66177
Pontuação
O CVSS v3.1 é adotado para classificar estas vulnerabilidades (http://www.first.org/cvss/specification-document)
CVE-2025-66176
Base score:8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2025-66177
Base score:8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Versões afetadas
ID DO CVE |
Affected Products |
CVE-2025-66176 |
Partial Access Control Series Products |
CVE-2025-66177 |
Partial NVR, DVR, CVR, IPC Series Products |
For the specific list of affected models, please click the link to view.
Obtenção de versões corrigidas
Users can download patches/updates on the Hikvision official website.
Fonte de informação sobre a vulnerabilidade
CVE-2025-66176 was reported by a member of Cisco Talos Team,while CVE-2025-66177 was reported by independent security researcher Angel Lozano Alcazar and Pedro Guillen Nuñez.
Contacte-nos
Para comunicar problemas ou vulnerabilidades de segurança em produtos e soluções Hikvision, contacte o Centro de Resposta à Segurança da Hikvision em hsrc@hikvision.com.
A Hikvision gostaria de agradecer a todos os investigadores de segurança pela vossa atenção aos nossos produtos.
Declaration
This document is provided on an “AS IS” basis and without warranties of any kind, either express or implied, including but not limited to the warranties of merchantability or fitness for a particular purpose.
Hikvision or any of its directly or indirectly controlled subsidiaries or its suppliers shall not be liable for any damages arising out of or in connection with the use of this document, including direct, indirect, incidental, special, or consequential damages.
Hikvision reserves the right to revise or update this document at any time.
Este site usa cookies para armazenar informações em seu dispositivo. Os cookies ajudam nosso site a funcionar normalmente e nos mostram como podemos melhorar sua experiência de usuário.
Ao continuar a navegar na página, concorda com a nossa política de cookies e política de privacidad.
New Products
App Store Hikvision
Hikvision License Activation
