PT-2026-2347 · Hikvision · Hikvision Access Control Products
Matt Wiseman
·
Published
2026-01-12
·
Updated
2026-03-19
·
CVE-2025-66176
CVSS v3.1
8.8
High
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Hikvision Access Control Products (affected versions not specified)
Description
A stack overflow issue exists in the device Search and Discovery feature of Hikvision Access Control Products. An attacker on the same local area network (LAN) can cause the device to malfunction by sending specially crafted packets to an unpatched device. The issue does not require authentication. Millions of surveillance systems globally may be affected.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hikvision Access Control Products