Multiple vulnerabilities in Hikvision Cameras

Published: 2013-08-06 00:00:00 | Updated: 2017-12-08 09:08:42
Severity High
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2013-4977
CVE-2013-4976
CVE-2013-4975
CVSSv3 8.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
6.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CWE ID CWE-120
CWE-798
CWE-200
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software Ds-2cd7153-e
Hikvision DVR/NVR Firmware
Vulnerable software versions Ds-2cd7153-e 4.1.0 b130111
Hikvision DVR/NVR Firmware -
Vendor URL Hikvision

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists due to buffer overflow in the RTSP Packet Handler. A remote attacker can send a specially crafted packet using the Range parameter of the RTSP transaction, trigger memory corruption and cause the service to crash or possibly execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to the latest firmware version.

External links

https://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities

2) Use of hard-coded credentials

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to use of hard-coded credentials (even if the built-in anonymous user account was explicitly disabled). A remote attacker can use hard-coded credentials to bypass the anonymous user authentication.

Remediation

Update to the latest firmware version.

External links

https://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities

3) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to unknown error when handling malicious input. A remote attacker can send specially crafted data and obtain the admin password from a non-privileged user account.

Remediation

Update to the latest firmware version.

External links

https://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities

Back to List