Stack Overflow Vulnerability in Hikvision NVR/DVR/CVR/IPC Devices
CVE-2025-66177

8.8HIGH

Key Information:

Vendor: Hikvision
Status: Ds-96xxxni-hx; Ds-96xxxni-ix; Ds-96xxnxi-sx; Ds-96xxxnxi-sx
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-66177?

A stack overflow vulnerability has been identified in the search and discovery feature of Hikvision's NVR, DVR, CVR, and IPC devices. An attacker with access to the same local area network (LAN) could exploit this flaw by sending specifically crafted packets to an unpatched device, potentially causing it to malfunction. Users are encouraged to apply necessary updates to mitigate this risk.

Affected Version(s)

DS-2CD1xx1 Versions below V5.7.23_241015 (including V5.7.23_241015)

DS-2CD1xxxG0(T) Versions below V5.7.23_241015 (including V5.7.23_241015)

DS-2CD1xxxG2 Versions below V5.7.13_230822 (including V5.7.13_230822)

References

https://www.hikvision.com/en/support/cybersecurity/securi...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Nov 24, 2025

Credit

Angel Lozano Alcazar

Pedro Guillen Nuñez

JSON