6.2
CVE-2025-66173
- EPSS 0.19%
- Veröffentlicht 19.12.2025 06:39:38
- Zuletzt bearbeitet 23.12.2025 21:45:17
- Quelle hsrc@hikvision.com
- CVE-Watchlists
- Unerledigt
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hikvision ≫ Ds-7104hghi-f1 Firmware Version <= 4.30.122_201107
Hikvision ≫ Ds-7204hghi-f1 Firmware Version <= 4.30.122_201107
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.085 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| hsrc@hikvision.com | 6.2 | 0.3 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/