Vulnerabilities > Hikvision > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-03-02 CVE-2024-25064 Unspecified vulnerability in Hikvision Hikcentral Professional
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values.
network
low complexity
hikvision
4.3
4.3
2023-12-17 CVE-2023-6894 Unspecified vulnerability in Hikvision Intercom Broadcast System
A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK).
network
low complexity
hikvision
6.5
6.5
2023-11-23 CVE-2023-28811 Classic Buffer Overflow vulnerability in Hikvision products
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models.
low complexity
hikvision CWE-120
6.5
6.5
2023-06-15 CVE-2023-28810 Unspecified vulnerability in Hikvision products
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities.
low complexity
hikvision
4.3
4.3
2022-06-27 CVE-2022-28172 Cross-site Scripting vulnerability in Hikvision products
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability.
network
low complexity
hikvision CWE-79
6.1
6.1
2020-01-14 CVE-2020-7057 Improper Restriction of Excessive Authentication Attempts vulnerability in Hikvision Ds-7204Hghi-F1 Firmware 4.0.1
Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users.
network
low complexity
hikvision CWE-307
5.0
5.0
2018-04-18 CVE-2018-6413 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-2Cd9111-S Firmware
There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request.
network
low complexity
hikvision CWE-119
5.0
5.0
2017-12-01 CVE-2017-14953 Missing Encryption of Sensitive Data vulnerability in Hikvision Ds-2Cd2432F-Iw Firmware 5.3.0/5.4.0
HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication.
low complexity
hikvision CWE-311
6.5
6.5
2017-05-06 CVE-2017-7923 Information Exposure vulnerability in Hikvision products
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices.
network
low complexity
hikvision CWE-200
4.0
4.0
2017-03-13 CVE-2015-4409 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-76Xxx Series Firmware and Ds-77Xxx Series Firmware
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue.
network
low complexity
hikvision CWE-119
6.8
6.8