Denial of service in Hikvision Cameras

Published: 2015-11-09 00:00:00
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
CVE ID: CVE-2015-4407, CVE-2015-4408, CVE-2015-4409
CVSSv3:
  5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
  5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
  5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-120
Exploitation vector: Network
Public exploit: Not available
Vulnerable software:
  DS-77xxxNI-E4 Series
  DS-76xxNI-E1/2 Series
  Hikvision DVR/NVR Firmware
Vulnerable software versions:
  DS-77xxxNI-E4 Series -
  DS-76xxNI-E1/2 Series -
  Hikvision DVR/NVR Firmware -
Vendor URL: Hikvision

Security Advisory

1) Buffer overflow

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to a buffer overflow. A remote attacker can send a specially crafted HTTP request, trigger memory corruption and cause the service to crash.

Remediation

Update to version 3.4.0.

External links

http://www.hikvision.com/en/Press-Release-details_435_i1023.html

2) Buffer overflow

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to a buffer overflow. A remote attacker can send a specially crafted HTTP request, trigger memory corruption and cause the service to crash.

Remediation

Update to version 3.4.0.

External links

http://www.hikvision.com/en/Press-Release-details_435_i1023.html

3) Buffer overflow

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to a buffer overflow. A remote attacker can send a specially crafted HTTP request, trigger memory corruption and cause the service to crash.

Remediation

Update to version 3.4.0.

External links

http://www.hikvision.com/en/Press-Release-details_435_i1023.html
