Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras

March 12, 2017

 

SN No. HSRC-201703-04

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2017-03-10

Update Release Date: 2017-03-12

 

  • Summary

When processing a specified request code, select Hikvision IP cameras with particular firmware versions may be subject to a user privilege-escalation vulnerability.

This vulnerability was discovered and, until now, has not been assigned a Common Vulnerabilities and Exposures (CVE) identifier.

 

  •   Impact

By exploiting this vulnerability, attackers could obtain unauthorized, escalated user privileges and use them to acquire or tamper with device information.

 

  • Affected Software Versions and Fixes

 

| Product Name | Affected Versions | Resolved Versions | Where to update firmware |
|---|---|---|---|
| DS-2CD2xx2F-I Series | V5.2.0 build 140721 to V5.4.0 Build 160530 | V5.4.5 Build 170123 and later | Download Link |
| DS-2CD2xx0F-I Series | V5.2.0 build 140721 to V5.4.0 Build 160401 | V5.4.5 Build 170123 and later | Download Link |
| DS-2CD2xx2FWD Series | V5.3.1 build 150410 to V5.4.4 Build 161125 | V5.4.5 Build 170124 and later | Download Link |
| DS-2CD4x2xFWD Series | V5.2.0 build 140721 to V5.4.0 Build 160414 | V5.4.5 Build 170228 and later | Download Link |
| DS-2CD4xx5 Series | V5.2.0 build 140721 to V5.4.0 Build 160421 | V5.4.5 Build 170302 and later | Download Link |
| DS-2DFx Series | V5.2.0 build 140805 to V5.4.5 Build 160928 | V5.4.9 Build 170123 and later | Download Link |
| DS-2CD63xx Series | V5.0.9 build 140305 to V5.3.5 Build 160106 | V5.4.5 Build 170206 and later | Download Link |

 

  • Solution

Update devices with the correct firmware.
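
To find which devices need the update, an inventory can be checked against the table above. The following Python sketch is an added example, not Hikvision code: it assumes that a lowercase `x` in a series name stands for one alphanumeric character, that model suffixes after the series pattern are allowed, and that firmware is ordered by version number and then build date; the function names and the sample inventory are constructed for illustration.

```python
import re

# Rows transcribed from the advisory table:
# (series pattern, first affected, last affected, first resolved)
ADVISORY = [
    ("DS-2CD2xx2F-I", "V5.2.0 build 140721", "V5.4.0 build 160530", "V5.4.5 build 170123"),
    ("DS-2CD2xx0F-I", "V5.2.0 build 140721", "V5.4.0 build 160401", "V5.4.5 build 170123"),
    ("DS-2CD2xx2FWD", "V5.3.1 build 150410", "V5.4.4 build 161125", "V5.4.5 build 170124"),
    ("DS-2CD4x2xFWD", "V5.2.0 build 140721", "V5.4.0 build 160414", "V5.4.5 build 170228"),
    ("DS-2CD4xx5", "V5.2.0 build 140721", "V5.4.0 build 160421", "V5.4.5 build 170302"),
    ("DS-2DFx", "V5.2.0 build 140805", "V5.4.5 build 160928", "V5.4.9 build 170123"),
    ("DS-2CD63xx", "V5.0.9 build 140305", "V5.3.5 build 160106", "V5.4.5 build 170206"),
]
FW_RE = re.compile(r"V\s*(\d+)\.(\d+)\.(\d+)\s+build\s+(\d{6})", re.IGNORECASE)

def parse_fw(text):
    """'V5.4.0 build 160530' -> (5, 4, 0, 160530); raises on unknown formats."""
    m = FW_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(g) for g in m.groups())

def model_regex(pattern):
    # Assumption: 'x' is a one-character wildcard; the pattern is matched as
    # a prefix so suffixed models (e.g. a trailing "-I") still match.
    return re.compile("".join("[0-9A-Z]" if c == "x" else re.escape(c) for c in pattern))

def triage(model, firmware):
    """Return 'affected', 'resolved', 'unlisted' or 'not-covered'."""
    fw = parse_fw(firmware)
    for pattern, low, high, fixed in ADVISORY:
        if model_regex(pattern).match(model.strip().upper()):
            if parse_fw(low) <= fw <= parse_fw(high):
                return "affected"
            if fw >= parse_fw(fixed):
                return "resolved"
            return "unlisted"  # outside both ranges: the advisory is silent
    return "not-covered"  # model is not in any listed series

# Constructed sample inventory (not real devices).
INVENTORY = [("DS-2CD2032F-I", "V5.3.0 build 150513"),
             ("DS-2CD2142FWD-I", "V5.4.5 build 170124"),
             ("DS-2CD2032F-I", "V5.4.1 build 160800")]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:18} {fw:22} {triage(model, fw)}")
```

Devices reported as `unlisted` run firmware that falls outside both the affected and the resolved ranges, so the table alone does not settle their status.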

 

  • Contact Us

Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hikvision.com.
