Buffer Overflow Vulnerability in Hikvision NVR Devices
CVE-2015-4409

6.5MEDIUM

Key Information:

Vendor: Hikvision
Status: Ds-76xxx Series Firmware
Vendor: CVE Published:; 13 March 2017

What is CVE-2015-4409?

A buffer overflow vulnerability exists in Hikvision NVR models DS-76xxNI-E1/2 and DS-77xxxNI-E4, affecting versions prior to 3.4.0. This vulnerability allows remote authenticated users to exploit the system, potentially leading to denial of service. The issue arises from improper handling of crafted HTTP requests, enabling attackers to cause service disruptions.

References

http://www.hikvision.com/En/Press-Release-details_435_i10...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2017
Vulnerability Reserved
Jun 6, 2015