Update on Buffer Overflow Vulnerability

August 15, 2018

Security Notification - Buffer Overflow Vulnerability in Some Hikvision IP Cameras (edited on August 15, 2018)

SN No.: HSRC-201808-01
Edit: Hikvision Security Response Center (HSRC)
Initial release date: 2018-08-13
Update Date: 2018-08-23

Summary:
A buffer overflow vulnerability in the web server of some Hikvision IP cameras allows an
attacker to send a specially crafted message to affected devices. Because of insufficient
input validation, a successful exploit can corrupt memory and lead to arbitrary code
execution or a crash of the process.

CVE ID:
CVE-2018-6414

Scoring:
CVSS v3 is adopted in this vulnerability scoring (http://www.first.org/cvss/specificationdocument)
Base score: 8.9 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H)
Temporal score: 8.0 (E:P/RL:O/RC:C)

Affected versions and resolved versions:
Aug. 15, 2018 Update: Subsequent testing revealed that some of the products listed below are not susceptible to the Buffer Overflow vulnerability. Those products have been crossed out below.

IPC:

| Product Name | Affected Version(s) | Resolved Version(s) |
|---|---|---|
| DS-2CD2xx5, DS-2CD2xx3 | V5.5.0 build170725 to V5.5.52 build180511 | V5.5.61 build180718 |
| DS-2CD2X12FWD, DS-2CD2X22FWD, DS-2CD2X42FWD, DS-2CD2X52F | V5.5.0 build170725 to V5.5.52 build 180427 | V5.5.53 build180730 |
| DS-2CD4x26FWD | V5.5.0 build170914 to V5.5.52 build180601 | V5.5.53 build180719 |


IPD*:

| Product Name | Affected Version(s) | Resolved Version(s) |
|---|---|---|
| DS-2DF5xxx, DS-2DF6xxx, DS-2DF7xxx, DS-2DF8xxx, DS-2DT6223 | V5.5.2 build171201 and previous versions* | V5.5.71 build180723 |
| DS-2DE4xxxW, DS-2DE5xxxW, DS-2DE7xxxW | V5.5.6 build180408 and previous versions* | V5.5.71 build180725 |

* 2018/08/23 update: The affected version of IPD doesn't include V5.4.0 and previous versions. 


Precondition:

An attacker must have access to the device or to the network to which the device is connected.
This is especially true for devices that are directly connected to the Internet.


Attack step:
Send a specially crafted message to the camera over the network.

Obtaining fixed firmware:
(See chart above)
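
As an added example (not part of Hikvision's advisory), the following Python script checks a device model and firmware string from an inventory against the IPC and IPD tables above and returns the resolved version to install. It assumes that x/X in a model name stands for any single character, that each version cell applies to the models grouped with it, and that rows are taken as listed because the strike-through marking mentioned in the Aug. 15 update is not visible in this text; the device entries in the demo are constructed.

```python
import re

# Rows transcribed from the advisory's IPC and IPD tables:
# (model patterns, lowest affected or None, highest affected, resolved version).
# Assumption: each version cell covers the models grouped with it.
ROWS = [
    (["DS-2CD2xx5", "DS-2CD2xx3"],
     "V5.5.0 build170725", "V5.5.52 build180511", "V5.5.61 build180718"),
    (["DS-2CD2X12FWD", "DS-2CD2X22FWD", "DS-2CD2X42FWD", "DS-2CD2X52F"],
     "V5.5.0 build170725", "V5.5.52 build 180427", "V5.5.53 build180730"),
    (["DS-2CD4x26FWD"],
     "V5.5.0 build170914", "V5.5.52 build180601", "V5.5.53 build180719"),
    (["DS-2DF5xxx", "DS-2DF6xxx", "DS-2DF7xxx", "DS-2DF8xxx", "DS-2DT6223"],
     None, "V5.5.2 build171201", "V5.5.71 build180723"),
    (["DS-2DE4xxxW", "DS-2DE5xxxW", "DS-2DE7xxxW"],
     None, "V5.5.6 build180408", "V5.5.71 build180725"),
]
IPD_NOT_AFFECTED_UP_TO = (5, 4, 0)  # 2018/08/23 footnote: V5.4.0 and earlier excluded

def parse_version(text):
    """'V5.5.52 build180511' -> ((5, 5, 52), 180511); tolerates 'build 180427'."""
    m = re.fullmatch(r"\s*V(\d+)\.(\d+)\.(\d+)\s+build\s*(\d{6})\s*", text, re.I)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(map(int, m.groups()[:3])), int(m.group(4))

def model_matches(pattern, model):
    # Assumption: x/X is a one-character wildcard, and real model names
    # may carry a suffix (for example "-I") after the listed prefix.
    rx = "".join("[0-9A-Z]" if c in "xX" else re.escape(c) for c in pattern)
    return re.match(rx, model.upper()) is not None

def triage(model, firmware):
    """Return (status, resolved_version) for one inventory entry."""
    ver = parse_version(firmware)
    for patterns, low, high, resolved in ROWS:
        if not any(model_matches(p, model) for p in patterns):
            continue
        if low is None:  # IPD rows: "and previous versions", minus the footnote
            lower_ok = ver[0] > IPD_NOT_AFFECTED_UP_TO
        else:
            lower_ok = ver >= parse_version(low)
        in_range = lower_ok and ver <= parse_version(high)
        return ("affected" if in_range else "outside affected range"), resolved
    return "model not listed", None

if __name__ == "__main__":  # constructed inventory entries, not from the advisory
    for dev in [("DS-2CD2385FWD-I", "V5.5.3 build171212"), ("DS-2DF8236I-AEL", "V5.4.0 build160530")]:
        print(dev, triage(*dev))
```

A status of "outside affected range" only means the firmware string falls outside the versions listed in the tables; compare it with the returned resolved version before treating the device as patched.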


Source of vulnerability information:
This vulnerability was reported to HSRC by Ori Hollander of VDOO Connected Trust LTD.,
an Israeli security company focused on IoT security.


Contact Us:
Should you have a security problem or concern, please contact the Hikvision Security
Response Center at hsrc@hikvision.com.
