QwikSec

Security Database

CVE

CWE

Training

CVE-2024-29949

Published: Apr 2, 2024

Modified: Aug 27, 2024

PUBLISHED

CVSS v3.1

7.2

HIGH

Description

There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands.

Vendor	Product	Versions
Hikvision	DS-7604NI-K1 / 4P(B)	affected `V4.30.096build221220 and the versions prior to it`
Hikvision	DS-76xxNI-Mx	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	DS-77xxNI-Mx	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	DS-96xxxNI-Mxx	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	DS-76xxNXI-Ix	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	DS-77xxNXI-Ix	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	DS-86xxNXI-Ix	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	DS-96xxNXI-Ix	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	iDS-76xxNXI-Mx	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	iDS-77xxNXI-Mx	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	iDS-96xxxMXI-Mxx	affected `Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）`
Hikvision	DS-7604NI-M1/4P	affected `Versions after V5.00.000 (including V5.00.000) and before V5.01.070（not including V5.01.070）`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.