Multiple vulnerabilities in Hikvision Cameras
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2013-4977 CVE-2013-4976 CVE-2013-4975 |
| CWE-ID | CWE-120 CWE-798 CWE-200 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
Ds-2cd7153-e Hardware solutions / Office equipment, IP-phones, print servers Hikvision DVR/NVR Firmware Hardware solutions / Firmware |
| Vendor | Hikvision |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU9529
Risk: High
CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2013-4977
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to buffer overflow in the RTSP Packet Handler. A remote attacker can send a specially crafted packet using the Range parameter of the RTSP transaction, trigger memory corruption and cause the service to crash or possibly execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update to the latest firmware version.
Ds-2cd7153-e: 4.1.0 b130111
Hikvision DVR/NVR Firmware: All versions
External linkshttp://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Use of hard-coded credentials
EUVDB-ID: #VU9530
Risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2013-4976
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to use of hard-coded credentials (even if the built-in anonymous user account was explicitly disabled). A remote attacker can use hard-coded credentials to bypass the anonymous user authentication.
Update to the latest firmware version.
Ds-2cd7153-e: 4.1.0 b130111
Hikvision DVR/NVR Firmware: All versions
External linkshttp://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Information disclosure
EUVDB-ID: #VU9531
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2013-4975
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to unknown error when handling malicious input. A remote attacker can send specially crafted data and obtain the admin password from a non-privileged user account.
Update to the latest firmware version.
Ds-2cd7153-e: 4.1.0 b130111
Hikvision DVR/NVR Firmware: All versions
External linkshttp://www.coresecurity.com/advisories/hikvision-ip-cameras-multiple-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
