Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras

March 12, 2017

SNNo. HSRC-201703-04

Edit: Hikvision Security Response Center (HSRC)

InitialRelease Date: 2017-03-10

UpdateRelease Date: 2017-03-12

Summary

While processing a specified request code, the user privilege-escalating vulnerability may occur for select Hikvision IP cameras with particular firmware version.

This vulnerability was discovered, and until now, has not been designated as Common Vulnerabilities and Exposures (CVE).

Impact

By exploiting this vulnerability, attackers could obtain an unauthorized escalated additional user privilege to acquire or tamper with the device information.

Affected Software Versions and Fixes

Product Name	Affected Versions	Resolved Versions	Where to update firmware
DS-2CD2xx2F-I Series	V5.2.0 build 140721 to V5.4.0 Build 160530	V5.4.5 Build 170123 and later	Download Link
DS-2CD2xx0F-I Series	V5.2.0 build 140721 to V5.4.0 Build 160401	V5.4.5 Build 170123 and later	Download Link
DS-2CD2xx2FWD Series	V5.3.1 build 150410 to V5.4.4 Build 161125	V5.4.5 Build 170124 and later	Download Link
DS-2CD4x2xFWD Series	V5.2.0 build 140721 to V5.4.0 Build 160414	V5.4.5 Build 170228 and later	Download Link
DS-2CD4xx5 Series	V5.2.0 build 140721 to V5.4.0 Build 160421	V5.4.5 Build 170302 and later	Download Link
DS-2DFx Series	V5.2.0 build 140805 to V5.4.5 Build 160928	V5.4.9 Build 170123 and later	Download Link
DS-2CD63xx Series	V5.0.9 build 140305 to V5.3.5 Build 160106	V 5.4.5 Build 170206 and later	Download Link