Recently, a media reported that some historical versions of Hikvision products were impacted by CVE-2022-2472. To be clear, the issues indicated in the report have all been fixed in new versions.
Hikvision constantly releases software updates to solve new security problems and improve its product security. Firmware packages carry a digital signature to verify the source and integrity of the update package, and to prevent the device from being installed with illegal firmware updates. In addition, Hikvision has adopted an anti-downgrade mechanism to prevent the device from being downgraded to an earlier version with potential security risks.
As always, we strongly encourage users to update their devices to the latest firmware as soon as possible.
Attach below is the affected historical versions:
Affected Product Series |
Affected versions |
IPC\IPD |
Versions below V5.4.0 (not including V5.4.0) |
NVR |
Versions below V3.4.2 (not including V3.4.2) |
DVR |
Versions below V3.3.3 (not including V3.3.3) |
Note: IPC\IPD V5.4.0, NVR V3.4.2, DVR V3.3.3 were all released in 2016. Hikvision will continuously update this security notice regarding the affected historical versions.
Users can download patches/updates on the Hikvision official website (Click here).