10

CVE-2017-7921

Warnung
Medienbericht
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HikvisionDs-2cd2032-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2112-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2132-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2212-i5 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2232-i5 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2312-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2332-i Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2t32-i3 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2t32-i5 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd2t32-i8 Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2cd6412fwd Firmware Version-
   HikvisionDs-2cd2032-i Version-
   HikvisionDs-2cd2112-i Version-
   HikvisionDs-2cd2132-i Version-
   HikvisionDs-2cd2212-i5 Version-
   HikvisionDs-2cd2232-i5 Version-
   HikvisionDs-2cd2312-i Version-
   HikvisionDs-2cd2332-i Version-
   HikvisionDs-2cd2t32-i3 Version-
   HikvisionDs-2cd2t32-i5 Version-
   HikvisionDs-2cd2t32-i8 Version-
   HikvisionDs-2cd6412fwd Version-
HikvisionDs-2dfx Series Firmware Version-
   HikvisionDs-2dfx Series Version-

05.03.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Hikvision Multiple Products Improper Authentication Vulnerability

Schwachstelle

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 94.23% 0.999
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 3.9 6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/98313
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
Third Party Advisory
US Government Resource