Unrated severityNVD Advisory· Published Dec 19, 2025· Updated Dec 19, 2025

CVE-2025-66174

Description

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.

Affected products

Tvt/Dvrllm-fuzzy
Hikvision/DS-7104HGHI-F1v5
Range: Versions below V4.30.122_201107 (including V4.30.122_201107)
Hikvision/DS-7204HGHI-F1v5
Range: Versions below V4.30.122_201107 (including V4.30.122_201107)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000