Security Notification: Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras

March 13, 2017 Views:262

 

SN No. HSRC-201703-04

Edit: Hikvision Security Response Center (HSRC)

Initial Release Date: 2017-03-10

Update Release Date: 2017-03-12


Summary

While processing a specified request code, the user privilege-escalating vulnerability may occur for select Hikvision IP cameras with particular firmware version.  

This vulnerability was discovered, and until now, has not been designated as Common Vulnerabilities and Exposures(CVE).

 

Impact

By exploiting this vulnerability, attackers could obtain an unauthorized escalated additional user privilege to acquire or tamper with the device information.


Solution

Update devices with the correct firmware.

Fixed firmware download link: http://www.hikvision.com.au/download_89.html

 

Contact Us

Should you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hikvision.com.