Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras
Edit: Hikvision Security Response Center (HSRC)
InitialRelease Date: 2017-03-10
UpdateRelease Date: 2017-03-12
While processing a specified request code, the user privilege-escalating vulnerability may occur for select Hikvision IP cameras with particular firmware version.
This vulnerability was discovered, and until now, has not been designated as Common Vulnerabilities and Exposures (CVE).
By exploiting this vulnerability, attackers could obtain an unauthorized escalated additional user privilege to acquire or tamper with the device information.
Affected Software Versions and Fixes
|Product Name||Affected Versions||Resolved Versions||Where to update firmware|
|DS-2CD2xx2F-I Series||V5.2.0 build 140721 to V5.4.0 Build 160530||V5.4.5 Build 170123 and later||Download Link|
|DS-2CD2xx0F-I Series||V5.2.0 build 140721 to V5.4.0 Build 160401||V5.4.5 Build 170123 and later||Download Link|
|DS-2CD2xx2FWD Series||V5.3.1 build 150410 to V5.4.4 Build 161125||V5.4.5 Build 170124 and later||Download Link|
|DS-2CD4x2xFWD Series||V5.2.0 build 140721 to V5.4.0 Build 160414||V5.4.5 Build 170228 and later||Download Link|
|DS-2CD4xx5 Series||V5.2.0 build 140721 to V5.4.0 Build 160421||V5.4.5 Build 170302 and later||Download Link|
|V5.2.0 build 140805 to V5.4.5 Build 160928||V5.4.9 Build 170123 and later||Download Link|
|V5.0.9 build 140305 to V5.3.5 Build 160106||V 5.4.5 Build 170206 and later||Download Link|
Update devices with the correct firmware.
Should you have a security problem orconcern, please contact Hikvision Security Response Center at firstname.lastname@example.org.