Buffer Overflow Vulnerability in Hikvision DS-2CD7153-E IP Camera
CVE-2013-4977

Currently unrated

Key Information:

Vendor: Hikvision
Status: Ds-2cd7153-e Firmware; Ds-2cd7153-e
Vendor: CVE Published:; 3 March 2014

What is CVE-2013-4977?

A buffer overflow vulnerability exists in the RTSP Packet Handler of Hikvision's DS-2CD7153-E IP camera, specifically affecting firmware version 4.1.0 b130111 released in January 2013. This flaw allows remote attackers to disrupt service by sending a maliciously crafted long string in the Range header field of an RTSP transaction, leading to device crashes and reboots. In some instances, it may enable the execution of arbitrary code, further compromising the device's security.

References

http://www.securityfocus.com/bid/61642

vdb-entryx_refsource_BID

http://www.coresecurity.com/advisories/hikvision-ip-camer...

x_refsource_MISC

http://archives.neohapsis.com/archives/bugtraq/2013-08/00...

mailing-listx_refsource_BUGTRAQ

EPSS Score

46% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2014
Vulnerability Reserved
Jul 29, 2013