CVE-2017-14953

Published: Dec 1, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product

Affected (1)

Products: Hikvision: Ds 2cd2432f Iw Firmware

1 product

Ds 2cd2432f Iw Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds 2cd2432f Iw Firmware	Before 5.4.5

Running on/with	Platform Versions
Hikvision Ds 2cd2432f Iw	All versions

Related CWEs

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (4)

http://packetstormsecurity.com/files/145131/HikVision-Wi-Fi-IP-Camera-Wireless-Access-Point-State.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Nov/43

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/145131/HikVision-Wi-Fi-IP-Camera-Wireless-Access-Point-State.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Nov/43

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.