Hikvision
36 CVEs • 908 products
CVEs (36)
| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|---|---|---|
| Hikvision | 28 products: Ds K1t105a Firmware, Ds K1t201a Firmware, Ds K1t320 Firmware, +25 more | Mar 18, 2026 | Jan 13, 2026 | N/A | 8.8 HIGH | N/A | There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunctio... |
| Hikvision | 2 products: Ds 7104hghi F1 Firmware, Ds 7204hghi F1 Firmware | Dec 23, 2025 | Dec 19, 2025 | N/A | 6.8 MEDIUM | N/A | There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerabilit... |
| Hikvision | 2 products: Ds 7104hghi F1 Firmware, Ds 7204hghi F1 Firmware | Dec 23, 2025 | Dec 19, 2025 | N/A | 6.2 MEDIUM | N/A | There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by... |
| Hikvision | 1 product: Hikcentral Professional | Mar 19, 2025 | Oct 18, 2024 | 7.2 HIGH | 8.8 HIGH | N/A | There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. |
| | | | | | | | There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by building malicious data. |
| Hikvision | 1 product: Hikcentral Master | Mar 13, 2025 | Oct 18, 2024 | 5.5 MEDIUM | 9.8 CRITICAL | N/A | There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file. |
| | | | | | | | Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands. |
| | | | | | | | Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. |
| | | | | | | | Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. |
| Hikvision | 1 product: Intercom Broadcast System | Nov 21, 2024 | Dec 17, 2023 | N/A | 9.8 CRITICAL | 5.8 MEDIUM | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of th... |
| Hikvision | 1 product: Intercom Broadcast System | Nov 21, 2024 | Dec 17, 2023 | N/A | 6.5 MEDIUM | 3.3 LOW | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been classified as problematic. This affects an unknown part of the file access/html/system.html of the component Lo... |
| Hikvision | 1 product: Intercom Broadcast System | Nov 21, 2024 | Dec 17, 2023 | N/A | 7.5 HIGH | 3.3 LOW | A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. Affected by this issue is some unknown functionality of the file /php/exportrecord.php. The m... |
| | | | | | | | An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files. |
| Hikvision | 1 product: Localservicecomponents | Nov 21, 2024 | Nov 23, 2023 | N/A | 9.8 CRITICAL | N/A | There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary c... |
| Hikvision | 40 products: Ds 7104ni Q1(c) Firmware, Ds 7104ni Q1(d) Firmware, Ds 7108ni Q1(c) Firmware, +37 more | Nov 21, 2024 | Nov 23, 2023 | N/A | 6.5 MEDIUM | N/A | There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted p... |
| Hikvision | 37 products: Ds K1t320efwx Firmware, Ds K1t320efx Firmware, Ds K1t320ewx Firmware, +34 more | Nov 21, 2024 | Jun 15, 2023 | N/A | 4.3 MEDIUM | N/A | Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable i... |
| Hikvision | 26 products: Ds K1t320efwx Firmware, Ds K1t320efx Firmware, Ds K1t320ewx Firmware, +23 more | Nov 21, 2024 | Jun 15, 2023 | N/A | 7.5 HIGH | N/A | Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the... |
| Hikvision | 10 products: Ds A71024 Firmware, Ds A71048 Firmware, Ds A71048r Cvs Firmware, +7 more | Nov 21, 2024 | Apr 11, 2023 | N/A | 9.8 CRITICAL | N/A | Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affe... |
| Hikvision | 2 products: Ds 3wf01c 2n/o Firmware, Ds 3wf0ac 2nt Firmware | Nov 21, 2024 | Dec 19, 2022 | N/A | 9.8 CRITICAL | N/A | The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to t... |
| Hikvision | 11 products: Ds A71024 Firmware, Ds A71048 Firmware, Ds A71048r Cvs Firmware, +8 more | Nov 21, 2024 | Jun 27, 2022 | N/A | 6.1 MEDIUM | 4.3 MEDIUM | The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending me... |