CVE-2025-66174

Published: Dec 19, 2025Modified: Dec 23, 2025

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.

Affected (2)

Products: Hikvision: Ds 7104hghi F1 Firmware, Ds 7204hghi F1 Firmware

Hikvision

2 products

Ds 7104hghi F1 Firmware

Ds 7204hghi F1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds 7104hghi F1 Firmware	Up to 4.30.122_201107

Running on/with	Platform Versions
Hikvision Ds 7104hghi F1	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds 7204hghi F1 Firmware	Up to 4.30.122_201107

Running on/with	Platform Versions
Hikvision Ds 7204hghi F1	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (1)

https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/

Source: hsrc@hikvision.com

Vendor Advisory

Timeline

No history available yet.