#VU9533 Buffer overflow in Hikvision Hardware solutions
Vulnerability identifier: #VU9533
Vulnerability risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-120
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
DS-8100HFHI-SL(ST)
Hardware solutions /
Firmware
DS-7300HFHI-SL(ST)
Hardware solutions /
Firmware
DS-7200HFHI-SL(ST)(SE)
Hardware solutions /
Firmware
DS-7600HI-ST
Hardware solutions /
Firmware
DS-7104NI-SL/W
Hardware solutions /
Firmware
DS-7100NI-SL
Hardware solutions /
Firmware
DS-8100HCI(HFSI)(HWSI)-SH
Hardware solutions /
Firmware
DS-7600NI-SN(/N)(/P)
Hardware solutions /
Firmware
DS-7100NI-SN(/N)(/P)
Hardware solutions /
Firmware
DS-6700HFI(-SATA)
Hardware solutions /
Firmware
DS-6700HWI(-SATA)
Hardware solutions /
Firmware
DS-8100HDI-ST
Hardware solutions /
Firmware
DS-7300HI-ST
Hardware solutions /
Firmware
DS-7300HFI-ST
Hardware solutions /
Firmware
DS-7204HWI-SV
Hardware solutions /
Firmware
DS-7200HVI-SH
Hardware solutions /
Firmware
DS-7200HWI-Ex/C/F
Hardware solutions /
Firmware
DS-8100HQHI-SH
Hardware solutions /
Firmware
DS-8100HGHI-SH
Hardware solutions /
Firmware
DS-7300HQHI-SH
Hardware solutions /
Firmware
DS-7300HGHI-SH
Hardware solutions /
Firmware
DS-7200HQHI-SH
Hardware solutions /
Firmware
DS-7200HGHI-SH
Hardware solutions /
Firmware
DS-7100HQHI-SH
Hardware solutions /
Firmware
DS-7100HGHI-SH
Hardware solutions /
Firmware
DS-7200HWI-SV
Hardware solutions /
Firmware
DS-76/77xxNI-SP
Hardware solutions /
Firmware
DS-96xxNI-XT
Hardware solutions /
Firmware
DS-96xxNI-RT
Hardware solutions /
Firmware
DS-76/77/86/96xxNI-ST
Hardware solutions /
Firmware
DS-90/91xxHFI-XT
Hardware solutions /
Firmware
DS-90/91xxHFI-RT
Hardware solutions /
Firmware
DS-80/81/90/91/92xxHWI-ST
Hardware solutions /
Firmware
DS-80/81/90/91xxHFI-ST
Hardware solutions /
Firmware
DS-7700NI-E4(/N)(/P)
Hardware solutions /
Firmware
DS-7600NI-E2(/N)(/P)
Hardware solutions /
Firmware
DS-7600NI-E1(/N)(/P)
Hardware solutions /
Firmware
DS-7600NI-V(VP)
Hardware solutions /
Firmware
DS-7600NI-SE(/N)(/P)
Hardware solutions /
Firmware
DS-7300HWI(HFI)-SH
Hardware solutions /
Firmware
DS-7300HWI-E4(/C)
Hardware solutions /
Firmware
DS-7200HWI-E2(/C)
Hardware solutions /
Firmware
DS-7200HWI-E1(/C)
Hardware solutions /
Firmware
DS-7200HVI-SV
Hardware solutions /
Firmware
DS-7200HFI-SH
Hardware solutions /
Firmware
DS-7200HWI-SH(SL)
Hardware solutions /
Firmware
DS-7100HVI-SL(SH)
Hardware solutions /
Firmware
DS-7100HWI-SL(SH)
Hardware solutions /
Firmware
Hikvision DVR/NVR Firmware
Hardware solutions /
Firmware
Vendor: Hikvision
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to buffer overflow in the RTSP Packet Handler. A remote attacker can send a specially crafted packet using the Range parameter of the RTSP transaction, trigger memory corruption and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
Mitigation
Install update from vendor's website.
Vulnerable software versions
DS-8100HFHI-SL(ST): All versions
DS-7300HFHI-SL(ST): All versions
DS-7200HFHI-SL(ST)(SE): All versions
DS-7600HI-ST: All versions
DS-7104NI-SL/W: All versions
DS-7100NI-SL: All versions
DS-8100HCI(HFSI)(HWSI)-SH: All versions
DS-7600NI-SN(/N)(/P): All versions
DS-7100NI-SN(/N)(/P): All versions
DS-6700HFI(-SATA): All versions
DS-6700HWI(-SATA): All versions
DS-8100HDI-ST: All versions
DS-7300HI-ST: All versions
DS-7300HFI-ST: All versions
DS-7204HWI-SV: All versions
DS-7200HVI-SH: All versions
DS-7200HWI-Ex/C/F: All versions
DS-8100HQHI-SH: All versions
DS-8100HGHI-SH: All versions
DS-7300HQHI-SH: All versions
DS-7300HGHI-SH: All versions
DS-7200HQHI-SH: All versions
DS-7200HGHI-SH: All versions
DS-7100HQHI-SH: All versions
DS-7100HGHI-SH: All versions
DS-7200HWI-SV: All versions
DS-76/77xxNI-SP: All versions
DS-96xxNI-XT: All versions
DS-96xxNI-RT: All versions
DS-76/77/86/96xxNI-ST: All versions
DS-90/91xxHFI-XT: All versions
DS-90/91xxHFI-RT: All versions
DS-80/81/90/91/92xxHWI-ST: All versions
DS-80/81/90/91xxHFI-ST: All versions
DS-7700NI-E4(/N)(/P): All versions
DS-7600NI-E2(/N)(/P): All versions
DS-7600NI-E1(/N)(/P): All versions
DS-7600NI-V(VP): All versions
DS-7600NI-SE(/N)(/P): All versions
DS-7300HWI(HFI)-SH: All versions
DS-7300HWI-E4(/C): All versions
DS-7200HWI-E2(/C): All versions
DS-7200HWI-E1(/C): All versions
DS-7200HVI-SV: All versions
DS-7200HFI-SH: All versions
DS-7200HWI-SH(SL): All versions
DS-7100HVI-SL(SH): All versions
DS-7100HWI-SL(SH): All versions
Hikvision DVR/NVR Firmware: All versions
External links
http://www.hikvision.com/en/Press-Release-details_435_i853.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
