Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hikvision Subscribe
Total 18 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28172 1 Hikvision 22 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 19 more 2023-02-23 4.3 MEDIUM 6.1 MEDIUM
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device.
CVE-2022-28171 1 Hikvision 22 Ds-a71024, Ds-a71024 Firmware, Ds-a71048 and 19 more 2023-02-23 7.5 HIGH 9.8 CRITICAL
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.
CVE-2022-28173 1 Hikvision 4 Ds-3wf01c-2n\/o, Ds-3wf01c-2n\/o Firmware, Ds-3wf0ac-2nt and 1 more 2022-12-29 N/A 9.8 CRITICAL
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
CVE-2021-36260 1 Hikvision 512 Ds-2cd2021g1-i\(w\), Ds-2cd2021g1-i\(w\) Firmware, Ds-2cd2023g2-i\(u\) and 509 more 2022-10-27 9.3 HIGH 9.8 CRITICAL
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
CVE-2018-6414 1 Hikvision 1 Ip Cameras 2020-09-24 7.5 HIGH 9.8 CRITICAL
A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process.
CVE-2020-7057 1 Hikvision 2 Ds-7204hghi-f1, Ds-7204hghi-f1 Firmware 2020-01-24 5.0 MEDIUM 5.3 MEDIUM
Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.
CVE-2013-4975 1 Hikvision 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware 2020-01-14 9.0 HIGH 8.8 HIGH
Hikvision DS-2CD7153-E IP Camera has Privilege Escalation
CVE-2013-4976 1 Hikvision 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware 2020-01-09 7.5 HIGH 9.8 CRITICAL
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials
CVE-2017-14953 1 Hikvision 2 Ds-2cd2432f-iw, Ds-2cd2432f-iw Firmware 2019-10-02 3.3 LOW 6.5 MEDIUM
** DISPUTED ** HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product.
CVE-2018-6413 1 Hikvision 2 Ds-2cd9111-s, Ds-2cd9111-s Firmware 2018-05-23 5.0 MEDIUM 7.5 HIGH
There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request.
CVE-2017-7923 1 Hikvision 116 Ds-2cd2032-i, Ds-2cd2032-i Firmware, Ds-2cd2112-i and 113 more 2017-12-18 4.0 MEDIUM 8.8 HIGH
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.
CVE-2017-7921 1 Hikvision 116 Ds-2cd2032-i, Ds-2cd2032-i Firmware, Ds-2cd2112-i and 113 more 2017-12-18 7.5 HIGH 10.0 CRITICAL
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
CVE-2017-13774 1 Hikvision 1 Ivms-4200 2017-09-12 2.1 LOW 7.8 HIGH
Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors.
CVE-2013-4977 1 Hikvision 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware 2017-08-28 10.0 HIGH N/A
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction.
CVE-2015-4408 1 Hikvision 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more 2017-03-14 6.8 MEDIUM 6.5 MEDIUM
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.
CVE-2015-4409 1 Hikvision 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more 2017-03-14 6.8 MEDIUM 6.5 MEDIUM
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue.
CVE-2015-4407 1 Hikvision 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more 2017-03-14 6.8 MEDIUM 6.5 MEDIUM
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue.
CVE-2014-4880 1 Hikvision 2 Dvr Ds-7204, Dvr Ds-7204 Firmware 2014-12-08 7.5 HIGH N/A
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.