CVE-2017-7921: Hikvision Improper Authentication Vulnerability

Hikvision IP cameras contain a critical improper authentication flaw allowing privilege escalation and unauthorized data access.

What Is It

This vulnerability stems from inadequate user authentication checks within specific Hikvision firmware versions. Identified as CWE-287, the flaw permits malicious actors to bypass security controls, escalate privileges, and retrieve sensitive information without valid credentials or prior authorization. The issue resides in the application layer where authentication logic fails to validate user identity correctly.

Why It Matters

Rated Critical with a CVSS v3.0 score of 10.0, this issue poses severe risk to surveillance infrastructure. Its inclusion in the CISA Known Exploited Vulnerabilities (KEV) catalog indicates active exploitation in the wild. Compromised devices can lead to unauthorized video access and potential lateral movement within OT or IoT networks, facilitating broader network compromise via a low-complexity network attack vector. Attackers require no privileges or user interaction to exploit this flaw remotely.

What's Vulnerable

Affected products include Hikvision DS-2CD2xx2F-I Series (V5.2.0 build 140721 to V5.4.0 build 160530), DS-2CD2xx0F-I Series, DS-2CD2xx2FWD Series, DS-2CD4x2xFWD Series, DS-2CD4xx5 Series, DS-2DFx Series, and DS-2CD63xx Series. Vulnerability exists across firmware builds ranging from early 2014 to late 2016 releases, specifically targeting V5.x versions where authentication is not enforced properly. Specific build ranges vary by product line but generally cover older legacy firmware.

Patch Status

CISA mandates applying mitigations per vendor instructions or discontinuing use if unavailable. Hikvision has released a special notice regarding this privilege-escalating vulnerability. Organizations should review vendor guidance immediately and follow applicable BOD 22-01 guidance for cloud services, as the vulnerability remains exploitable via network access without user interaction or complex attack vectors.

Sources

CISA KEV Catalog, National Vulnerability Database (NVD), Hikvision Vendor Advisories.