Buffer Overflow Vulnerability in Hikvision NVR Devices
CVE-2015-4407

6.5MEDIUM

Key Information:

Vendor: Hikvision
Status: Ds-76xxx Series Firmware
Vendor: CVE Published:; 13 March 2017

What is CVE-2015-4407?

The buffer overflow vulnerability in Hikvision NVR models DS-76xxNI-E1/2 and DS-77xxxNI-E4, prior to version 3.4.0, allows remote authenticated users to exploit the device by sending specially crafted HTTP requests. This can lead to a denial of service, causing service interruptions and compromising the availability of the affected systems.

References

http://www.hikvision.com/En/Press-Release-details_435_i10...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2017
Vulnerability Reserved
Jun 6, 2015