CVE-2024-29947

Name of the Vulnerable Software and Affected Versions: Hikvision NVRs (affected versions not specified) Hikvision DS-7604NI-K1/4P(B) (affected versions not specified)

Description: The issue is related to a NULL dereference pointer vulnerability. It is caused by insufficient validation of a parameter in a message, allowing an attacker to send specially crafted messages to an affected product. This can cause a process abnormality, potentially leading to a denial of service.

Recommendations: For Hikvision NVRs, consider restricting access to the Message Handler component until a patch is available. For Hikvision DS-7604NI-K1/4P(B), avoid using the vulnerable Message Handler component in the IP camera's microprogram software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.