Update on Buffer Overflow Vulnerability

Hikvision has become aware of a vulnerability involving its video surveillance products that could potentially present a cybersecurity risk. In the interest of protecting our customers from any potential cybersecurity threats, Hikvision has proactively corrected the vulnerability in the latest version of its firmware. We advise all users of the affected cameras to download the latest firmware updates available below.

A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to insufficient input validation, a successful exploit can corrupt memory and lead to arbitrary code execution or crash the process.

What should you do if your products are affected?

Users should download the updated firmware to guard against the potential vulnerability. It is available on the Hikvision official website: Hikvision – Security Notices

Please refer to the table in the above link to confirm whether your products are affected.

  1. Install the latest version of patched firmware.
  2. Ensure that all devices are appropriately protected using cybersecurity best practices.

Thank you for your patience and continued support as we work through these security issues. As your trusted partner, it is our responsibility to be vigilant and transparent about cybersecurity threats, to keep you informed, and to employ the industry’s best practices. We encourage our partners to take advantage of the many cybersecurity resources Hikvision offers, including the Hikvision Cybersecurity Center – an industry-leading cybersecurity resource. At the center you can find detailed information about the Hikvision Network and Information Security Lab, third-party and internal testing, and third-party certifications.

If you have a security problem or concern, please contact the Hikvision Security Response Center at hsrc@hikvision.com. Customers can also contact Tech Support or their Hikvision representative at any time with questions.

Bulletin Courtesy: Hikvision – Security Notices