CVE-2017-7921

Name of the Vulnerable Software and Affected Versions Hikvision DS-2CD2xx2F-I Series versions V5.2.0 build 140721 through V5.4.0 build 160530 Hikvision DS-2CD2xx0F-I Series versions V5.2.0 build 140721 through V5.4.0 Build 160401 Hikvision DS-2CD2xx2FWD Series versions V5.3.1 build 150410 through V5.4.4 Build 161125 Hikvision DS-2CD4x2xFWD Series versions V5.2.0 build 140721 through V5.4.0 Build 160414 Hikvision DS-2CD4xx5 Series versions V5.2.0 build 140721 through V5.4.0 Build 160421 Hikvision DS-2DFx Series versions V5.2.0 build 140805 through V5.4.5 Build 160928 Hikvision DS-2CD63xx Series versions V5.0.9 build 140305 through V5.3.5 Build 160106

Description An improper authentication issue exists in Hikvision IP cameras. The issue occurs when an application does not correctly authenticate users, potentially allowing a malicious user to elevate their privileges and access sensitive information. Evidence suggests this issue is being actively exploited.

Recommendations Hikvision DS-2CD2xx2F-I Series versions V5.2.0 build 140721 through V5.4.0 build 160530: Update to a newer version. Hikvision DS-2CD2xx0F-I Series versions V5.2.0 build 140721 through V5.4.0 Build 160401: Update to a newer version. Hikvision DS-2CD2xx2FWD Series versions V5.3.1 build 150410 through V5.4.4 Build 161125: Update to a newer version. Hikvision DS-2CD4x2xFWD Series versions V5.2.0 build 140721 through V5.4.0 Build 160414: Update to a newer version. Hikvision DS-2CD4xx5 Series versions V5.2.0 build 140721 through V5.4.0 Build 160421: Update to a newer version. Hikvision DS-2DFx Series versions V5.2.0 build 140805 through V5.4.5 Build 160928: Update to a newer version. Hikvision DS-2CD63xx Series versions V5.0.9 build 140305 through V5.3.5 Build 160106: Update to a newer version.