VYPR
Vendor: Hikvision

Products: 54
CVEs: 47
Across products: 72
Status: Private

Recent CVEs

  • CVE-2017-7921 | Critical | KEV | May 6, 2017
    risk 0.87 | cvss 9.8 | epss 1.00

    An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series…

  • CVE-2025-34067 | Critical | Jul 2, 2025
    risk 0.66 | cvss | epss 0.19

    An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user…

  • CVE-2023-28815 | Critical | Oct 17, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system. iSecure Center is software released…

  • CVE-2023-28814 | Critical | Oct 17, 2025
    risk 0.64 | cvss 9.8 | epss 0.00

    Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market…

  • CVE-2018-6414 | Critical | Aug 13, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or…

  • CVE-2025-34058 | High | Jul 1, 2025
    risk 0.57 | cvss | epss 0.01

    Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the…

  • CVE-2017-7923 | High | May 6, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD…

  • CVE-2025-39247 | High | Aug 29, 2025
    risk 0.56 | cvss 8.6 | epss 0.01

    There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.

  • CVE-2024-58274 | High | Oct 22, 2025
    risk 0.54 | cvss 8.3 | epss 0.18

    Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.

  • CVE-2023-53691 | High | Oct 22, 2025
    risk 0.54 | cvss 8.3 | epss 0.01

    Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025.

  • CVE-2017-13774 | High | Aug 30, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors.

  • CVE-2025-45851 | High | Jun 27, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue.

  • CVE-2018-6413 | High | Apr 18, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request.

  • CVE-2026-3828 | High | May 9, 2026
    risk 0.47 | cvss 7.2 | epss 0.01

    Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to…

  • CVE-2026-1749 | Medium | May 9, 2026
    risk 0.44 | cvss 6.8 | epss 0.00

    There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.

  • CVE-2017-14953 | Medium | Dec 1, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a…

  • CVE-2015-4409 | Medium | Mar 13, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue.

  • CVE-2015-4408 | Medium | Mar 13, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.

  • CVE-2015-4407 | Medium | Mar 13, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue.

  • CVE-2025-39246 | Medium | Aug 29, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.