Sign-up

ID

VAR-201411-0537


CVE

CVE-2014-4879


TITLE

Hikvision DVR DS-7204 RTSP Request Header Handles Remote Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-08565

DESCRIPTION

The Hikvision DVR is a hard disk recorder. Hikvision DVR DS-7204 has a remote buffer overflow vulnerability. The program failed to perform a sufficient boundary check on the input provided by the user. An attacker could exploit this vulnerability to execute arbitrary code in the context of an affected device. Hikvision DVR DS-7204 is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user-supplied input. Failed exploit attempts may result in a denial-of-service condition. Hikvision DVR DS-7204 running firmware 2.2.10 is vulnerable; other devices may also be affected

Trust: 0.9

sources: CNVD: CNVD-2014-08565 // BID: 71303 // VULMON: CVE-2014-4879

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-08565

AFFECTED PRODUCTS

vendor:hikvisionmodel:dvr ds-7204scope:eqversion:2.2.10

Trust: 0.6

vendor:hikvisionmodel:digital technology ds-7204scope:eqversion:2.2.10

Trust: 0.3

sources: CNVD: CNVD-2014-08565 // BID: 71303

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-08565
value: HIGH

Trust: 0.6

CNVD: CNVD-2014-08565
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-08565

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-018

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201412-018

PATCH

title:Hikvision DVR DS-7204 RTSP request header handles patches for remote buffer overflow vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/54368

Trust: 0.6

title:https://github.com/Samsung/cotopaxiurl:https://github.com/samsung/cotopaxi

Trust: 0.1

title:Threatposturl:https://threatpost.com/remote-code-execution-in-popular-hikvision-surveillance-dvr/109552/

Trust: 0.1

sources: CNVD: CNVD-2014-08565 // VULMON: CVE-2014-4879

EXTERNAL IDS

db:BIDid:71303

Trust: 1.6

db:NVDid:CVE-2014-4879

Trust: 1.6

db:CNVDid:CNVD-2014-08565

Trust: 0.6

db:CNNVDid:CNNVD-201412-018

Trust: 0.6

db:VULMONid:CVE-2014-4879

Trust: 0.1

sources: CNVD: CNVD-2014-08565 // VULMON: CVE-2014-4879 // BID: 71303 // CNNVD: CNNVD-201412-018

REFERENCES

url:http://www.securityfocus.com/bid/71303

Trust: 1.3

url:http://www.hikvision.com/en/us/products_show.asp?id=4258

Trust: 0.3

url:https://community.rapid7.com/community/metasploit/blog/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities

Trust: 0.3

url:https://threatpost.com/remote-code-execution-in-popular-hikvision-surveillance-dvr/109552/

Trust: 0.1

url:https://github.com/samsung/cotopaxi

Trust: 0.1

sources: CNVD: CNVD-2014-08565 // VULMON: CVE-2014-4879 // BID: 71303 // CNNVD: CNNVD-201412-018

CREDITS

Mark Schloesser

Trust: 0.9

sources: BID: 71303 // CNNVD: CNNVD-201412-018

SOURCES

db:CNVDid:CNVD-2014-08565
db:VULMONid:CVE-2014-4879
db:BIDid:71303
db:CNNVDid:CNNVD-201412-018

LAST UPDATE DATE

2023-12-26T23:01:48.171000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-08565date:2015-01-22T00:00:00
db:BIDid:71303date:2014-11-19T00:00:00
db:CNNVDid:CNNVD-201412-018date:2014-12-04T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-08565date:2014-11-28T00:00:00
db:BIDid:71303date:2014-11-19T00:00:00
db:CNNVDid:CNNVD-201412-018date:2014-11-19T00:00:00