CVE-2017-7923

Name of the Vulnerable Software and Affected Versions Hikvision DS-2CD2xx2F-I Series versions V5.2.0 build 140721 through V5.4.0 build 160530 Hikvision DS-2CD2xx0F-I Series versions V5.2.0 build 140721 through V5.4.0 Build 160401 Hikvision DS-2CD2xx2FWD Series versions V5.3.1 build 150410 through V5.4.4 Build 161125 Hikvision DS-2CD4x2xFWD Series versions V5.2.0 build 140721 through V5.4.0 Build 160414 Hikvision DS-2CD4xx5 Series versions V5.2.0 build 140721 through V5.4.0 Build 160421 Hikvision DS-2DFx Series versions V5.2.0 build 140805 through V5.4.5 Build 160928 Hikvision DS-2CD63xx Series versions V5.0.9 build 140305 through V5.3.5 Build 160106

Description A Password in Configuration File issue was discovered in various Hikvision devices. This issue could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.

Recommendations For Hikvision DS-2CD2xx2F-I Series versions V5.2.0 build 140721 through V5.4.0 build 160530, update the configuration file to remove the vulnerable password. For Hikvision DS-2CD2xx0F-I Series versions V5.2.0 build 140721 through V5.4.0 Build 160401, update the configuration file to remove the vulnerable password. For Hikvision DS-2CD2xx2FWD Series versions V5.3.1 build 150410 through V5.4.4 Build 161125, update the configuration file to remove the vulnerable password. For Hikvision DS-2CD4x2xFWD Series versions V5.2.0 build 140721 through V5.4.0 Build 160414, update the configuration file to remove the vulnerable password. For Hikvision DS-2CD4xx5 Series versions V5.2.0 build 140721 through V5.4.0 Build 160421, update the configuration file to remove the vulnerable password. For Hikvision DS-2DFx Series versions V5.2.0 build 140805 through V5.4.5 Build 160928, update the configuration file to remove the vulnerable password. For Hikvision DS-2CD63xx Series versions V5.0.9 build 140305 through V5.3.5 Build 160106, update the configuration file to remove the vulnerable password.