SECURITY NOTIFICATION- COMMAND INJECTION VULNERABILITY IN SOME HIKVISION PRODUCTS
September 18, 2021
SN No.: HSRC-202109-01
Edit: Hikvision Security Response Center (HSRC)
Initial release date: 2021-09-19
Summary:
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
CVE ID:
CVE-2021-36260
Scoring:
CVSS v3 is adopted in this vulnerability scoring(http://www.first.org/cvss/specification-document)
Base score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal score: 8.8 (E:P/RL:O/RC:C)
Affected versions and resolved version:
Information of affected versions and resolved versions:
Product Category |
Product name |
Affected version(s) |
Fixed Version(s) |
Fixed Firmware Download Link |
IP Kit |
EKI-K41T44(C) |
Versions which Build time from 210224 to 210625 |
V4.30.216 build210629 |
https://us.hikvision.com/sites/default/files/firmware/dz_k9b2_ml_std_v4.30.216_210629.zip |
Value Express IP |
ECI-B12F2, ECI-B12F4 |
Versions which Build time before 210720 |
V5.5.2 build210720 |
|
ECI-T22F2 (B), ECI-T22F4 (B) |
Versions which Build time from 210410 to 210721 |
V5.5.120 build210721 |
https://us.hikvision.com/sites/default/files/firmware/pj14pc20210402045_... |
|
ECI-T24F2 (C), ECI-T24F4 (C) |
Versions which Build time from 210322 to 210630 |
V5.5.120 build210630 |
||
Value IP |
DS-2CD2D21G0/M-D/NF |
Versions which Build time before 210628 |
V5.5.800 build210628 |
https://us.hikvision.com/sites/default/files/firmware/ipc_e3_en_std_5.5.800_210628.zip |
DS-2CD2086G2-I, DS-2CD2346G2-I, |
Versions which Build time before 210625 |
V5.5.800 210628 |
https://us.hikvision.com/sites/default/files/firmware/ipc_g3_en_std_5.5.800_210628.zip |
|
DS-2CD2T47G2-L (C), DS-2CD2087G2-L (C), |
Versions which Build time before 210625 |
V 5.5.800 210727 |
https://us.hikvision.com/sites/default/files/firmware/ipc_g5_en_std_5.5.801_210727.zip |
|
DS-2CD2510F |
Versions which Build time before 210813 |
V5.4.800_210813 |
https://us.hikvision.com/sites/default/files/firmware/ipc_r2_en_std_5.4.800_210813.zip |
|
Performance IP |
PCI-B12F2S, PCI-B12F4S, PCI-B12F6S, |
Versions which Build time before 210703 |
V5.5.150 build210703 |
|
PCI-D18F4S |
Versions which Build time before 210805 |
V5.5.115 build210805 |
||
PanoVu |
DS-2CD6924G0-HIS |
Versions which Build time before 210625 |
V5.5.800 build210628 |
https://us.hikvision.com/sites/default/files/firmware/ipcp_h5_en_std_5.5.800_210628.zip |
Value PTZ (DE series) |
DS-2DE2204IW-DE3 |
Versions which Build time before 210625 |
V5.4.800 build210812 |
https://us.hikvision.com/sites/default/files/firmware/ipd_r0_en_std_5.4.800_210812.zip |
DS-2DE2A404IW-DE3 |
V5.6.800 build210628 |
https://us.hikvision.com/sites/default/files/firmware/ipde_e7_en_std_5.6.800_210628.zip |
||
DS-2DE3A400BW-DE |
V5.5.802 build210629 |
https://us.hikvision.com/sites/default/files/firmware/ipde_g3_en_std_5.5.802_210629.zip |
||
DS-2DE4225W-DE |
V5.6.800 build210628 |
https://us.hikvision.com/sites/default/files/firmware/ipde_e7_en_std_5.6.800_210628.zip |
||
DS-2DE4225W-DE3 |
V5.4.800 build210812 |
https://us.hikvision.com/sites/default/files/firmware/ipd_r0_en_std_5.4.800_210812.zip |
||
DS-2DE4A225IW-DE |
V5.6.800 build210628 |
https://us.hikvision.com/sites/default/files/firmware/ipde_e7_en_std_5.6.800_210628.zip |
||
DS-2DE4A425IW-DE |
||||
DS-2DE4425IW-DE |
||||
DS-2DE5225IW-AE |
||||
Smart Pro PTZ (DF series) |
DS-2DF5232X-AEL |
Versions which Build time before 210625 |
V5.5.800 build210628 |
https://us.hikvision.com/sites/default/files/firmware/ipd_h7_en_std_5.5.800_210628.zip |
DS-2DF6A836XS-AEL |
Versions which Build time before 210625 |
V5.5.801 build210628 |
https://us.hikvision.com/sites/default/files/firmware/ipd_h5_en_std_5.5.801_210628.zip |
|
DS-2DF9C245IHS-DLW |
Versions which Build time before 210625 |
V5.5.801 build210701 |
https://us.hikvision.com/sites/default/files/firmware/ipdhg_h5_l1_en_std_5.5.801_210701.zip |
|
Thermal Fixed Camera |
DS-2TD1217-2/PA, DS-2TD1217-3/PA, |
Versions which build time before 210702 |
V5.5.42 build 210721 |
https://us.hikvision.com/sites/default/files/firmware/iphc_h7_en_std_5.5.42_210721.zip |
DS-2TD1217-2/V1, DS-2TD1217-3/V1, |
Versions which build time before 210702 |
V5.5.22 build 210702 |
https://us.hikvision.com/sites/default/files/firmware/iptcs_h3_en_std_5....
|
|
DS-2TD2117-3/V1, DS-2TD2117-6/V1, |
Versions which build time before 210702 |
V5.5.22 build 210702 |
https://us.hikvision.com/sites/default/files/firmware/iphc_h3_en_std_5.5.22_210702.zip |
|
DS-2TD2136-7, DS-2TD2136-10, |
Versions which build time before 210702 |
V5.5.8 build 210702 |
https://us.hikvision.com/sites/default/files/firmware/iphc_h1_en_std_5.5... |
|
Thermal PTZ Camera |
DS-2TD4137-25/W, |
Versions which build time before 210702 |
V5.5.33 build 210729 |
https://us.hikvision.com/sites/default/files/firmware/iptm_h5_en_std_5.5... |
DS-2TD4136-25/V2, DS-2TD4136-50/V2, |
Versions which build time before 210702 |
V5.5.39 build 210702 |
https://us.hikvision.com/sites/default/files/firmware/iptm_h3_en_std_5.5.39_210702.zip |
|
HAT Camera |
DS-2TD1217B-3/PA, DS-2TD1217B-6/PA, |
Versions which build time before 210702 |
V5.5.34 build 210702 |
https://us.hikvision.com/sites/default/files/firmware/iptc_temp_h7_en_std_5.5.34_210702.zip |
NVR |
DS-7604NI-Q1/4P (C) |
V4.30.210 Build201224 V4.30.216 build210111 |
V4.31.102 build210626 |
https://us.hikvision.com/sites/default/files/firmware/nvr_k9b2_bl_ml_std_v4.31.102_210626.zip |
Precondition:
The attacker has access to the device network or the device has direct interface with the internet
Attack step:
Send a specially crafted message.
Obtaining fixed firmware:
Users should download the updated firmware to guard against this potential vulnerability. See above chart right column for download links.
FAQ:
Click here to Access the FAQ Document.
Source of vulnerability information:
This vulnerability is reported to HSRC by UK security researcher Watchful IP.
Contact Us:
Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hikvision.com.
2021-09-23 V1.1 Update information of impacted product model/firmware versions and resolved versions.
2021-09-28 V1.2 Update information of impacted product model/affected versions/fix versions.
Hikvision.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.
Product Selector
Core Technologies
Legacy Products
Hikvision License Activation
Hikvision App Store
