9.8

CVE-2017-7921

Warnung
Medienbericht
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HikvisionDs-2cd2032-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2112-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2132-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2212-i5 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2232-i5 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2312-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2332-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2t32-i3 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2t32-i5 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2t32-i8 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd6412fwd Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2dfx Series Firmware Version-
   HikvisionDs-2dfx Series Version-

05.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Hikvision Multiple Products Improper Authentication Vulnerability

Schwachstelle

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 100% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
06.03.2026 09:46
http://www.hikvision.com/us/about_10805.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/98313
Third Party Advisory
Broken Link
VDB Entry
https://ghostbin.com/paste/q2vq2
Broken Link
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
Third Party Advisory
US Government Resource
https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20170314/
Third Party Advisory
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--privilege-escalating-vulnerability-in-cer/
Third Party Advisory
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7921
US Government Resource