March 12, 2017
SNNo. HSRC-201703-04
Edit: Hikvision Security Response Center (HSRC)
InitialRelease Date: 2017-03-10
UpdateRelease Date: 2017-03-12
While processing a specified request code, the user privilege-escalating vulnerability may occur for select Hikvision IP cameras with particular firmware version.
CVE-2017-7921, CVE-2017-7923
By exploiting this vulnerability, attackers could obtain an unauthorized escalated additional user privilege to acquire or tamper with the device information.
Product Name |
Affected Versions |
Resolved Versions |
Where to update firmware |
---|
DS-2CD2xx2F-I Series |
V5.2.0 build 140721 to V5.4.0 Build 160530 |
V5.4.5 Build 170123 and later |
Download Link |
---|
DS-2CD2xx0F-I Series |
V5.2.0 build 140721 to V5.4.0 Build 160401 |
V5.4.5 Build 170123 and later |
Download Link |
---|
DS-2CD2xx2FWD Series |
V5.3.1 build 150410 to V5.4.4 Build 161125 |
V5.4.5 Build 170124 and later |
Download Link |
---|
DS-2CD4x2xFWD Series |
V5.2.0 build 140721 to V5.4.0 Build 160414 |
V5.4.5 Build 170228 and later |
Download Link |
---|
DS-2CD4xx5 Series |
V5.2.0 build 140721 to V5.4.0 Build 160421 |
V5.4.5 Build 170302 and later |
Download Link |
---|
DS-2DFx Series
|
V5.2.0 build 140805 to V5.4.5 Build 160928 |
V5.4.9 Build 170123 and later |
Download Link |
---|
DS-2CD63xx Series
|
V5.0.9 build 140305 to V5.3.5 Build 160106 |
V 5.4.5 Build 170206 and later |
Download Link |
---|
Update devices with the correct firmware.
Should you have a security problem orconcern, please contact Hikvision Security Response Center at hsrc@hikvision.com.