Configuration File Password Vulnerability in Hikvision Surveillance Products
CVE-2017-7923
8.8HIGH
What is CVE-2017-7923?
A vulnerability in various Hikvision DS-2CD surveillance camera series has been identified, where the password is stored in the configuration file. This configuration flaw can potentially allow an attacker to escalate privileges or impersonate another user, thereby gaining unauthorized access to sensitive information. All users are urged to review their device configurations and apply security best practices to mitigate associated risks.
Affected Version(s)
Hikvision Cameras Hikvision Cameras
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved