Buffer Overflow Vulnerability in Hikvision NVR Devices
CVE-2015-4408

6.5MEDIUM

Key Information:

Vendor: Hikvision
Status: Ds-76xxx Series Firmware
Vendor: CVE Published:; 13 March 2017

What is CVE-2015-4408?

A buffer overflow vulnerability exists in Hikvision NVR models DS-76xxNI-E1/2 and DS-77xxxNI-E4 prior to version 3.4.0. This flaw allows remote authenticated users to exploit the system via specially crafted HTTP requests, potentially leading to service interruptions. This issue is referred to as the ISAPI problem and highlights the importance of keeping your NVR systems updated to ensure security and operational integrity.

References

http://www.hikvision.com/En/Press-Release-details_435_i10...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2017
Vulnerability Reserved
Jun 6, 2015