Details of VAR-201705-3762

ID

VAR-201705-3762

CVE

CVE-2017-7921

TITLE

plural Hikvision Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-003961

DESCRIPTION

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. plural Hikvision The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HikvisionCameras is a camera produced by Haikang. A number of HikvisionCameras have an incorrect authentication vulnerability. Multiple Hikvision Cameras are prone to an information-disclosure vulnerability and an authentication-bypass vulnerability. Other attacks are also possible. Hikvision DS-2CD2xx2F-I Series are all network camera products of China Hikvision Company

Trust: 2.79

sources: NVD: CVE-2017-7921 // JVNDB: JVNDB-2017-003961 // CNVD: CNVD-2017-06977 // BID: 98313 // IVD: 452557e5-8b2a-4ccf-8f68-5c107568fe4a // VULHUB: VHN-116124 // VULMON: CVE-2017-7921

IOT TAXONOMY

category:	['IoT', 'ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 452557e5-8b2a-4ccf-8f68-5c107568fe4a // CNVD: CNVD-2017-06977

AFFECTED PRODUCTS

vendor:	hikvision	model:	ds-2cd4332fwd-i\	scope:	eq	version:	-	Trust: 4.8
vendor:	hikvision	model:	ds-2cd4324f-i\	scope:	eq	version:	-	Trust: 4.8
vendor:	hikvision	model:	ds-2cd4312f-i\	scope:	eq	version:	-	Trust: 3.6
vendor:	hikvision	model:	ds-2cd4212fwd-i\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4012fwd-\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4032fwd-\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4024f-\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4212f-i\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4232fwd-i\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4224f-i\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision	model:	ds-2cd4012f-\	scope:	eq	version:	-	Trust: 3.0
vendor:	hikvision digital	model:	ds-2cd4012f-	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4012fwd-	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4024f-	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4032fwd-	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4212f-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4212fwd-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4224f-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4232fwd-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4312f-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4324f-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision digital	model:	ds-2cd4332fwd-i	scope:	-	version:	-	Trust: 2.4
vendor:	hikvision	model:	ds-2cd6412fwd	scope:	eq	version:	-	Trust: 1.6
vendor:	hikvision	model:	ds-2cd63xx series	scope:	eq	version:	-	Trust: 1.6
vendor:	hikvision	model:	ds-2dfx series	scope:	eq	version:	-	Trust: 1.6
vendor:	hikvision	model:	ds-2cd2032-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2632f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd4132fwd-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2512f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2732f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd4112fwd-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2312-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2332-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2612f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2t32-i3	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2t32-i8	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2t32-i5	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2212-i5	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2232-i5	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2112-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2532f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd4112f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2712f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd4124f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2412f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2432f-i\	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision	model:	ds-2cd2132-i	scope:	eq	version:	-	Trust: 1.0
vendor:	hikvision digital	model:	ds-2cd2032-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2112-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2132-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2212-i5	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2232-i5	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2312-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2332-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2412f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2432f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2512f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2532f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2612f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2632f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2712f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2732f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2t32-i3	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2t32-i5	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd2t32-i8	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd4112f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd4112fwd-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd4124f-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd4132fwd-i	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd63xx series	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2cd6412fwd	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision digital	model:	ds-2dfx series	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision	model:	ds-2cd2xx2f-i series build build	scope:	gte	version:	v5.2.0140721,<=v5.4.0160530	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx0f-i series build build	scope:	gte	version:	v5.2.0140721,<=v5.4.0160401	Trust: 0.6
vendor:	hikvision	model:	ds-2dfx series build build	scope:	gte	version:	v5.2.0140805,<=v5.4.5160928	Trust: 0.6
vendor:	hikvision	model:	ds-2cd63xx series build build	scope:	gte	version:	v5.0.9140305,<=v5.3.5160106	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx2fwd series build build	scope:	gte	version:	v5.3.1150410,<=v5.4.4161125	Trust: 0.6
vendor:	hikvision	model:	ds-2cd4x2xfwd series build build	scope:	gte	version:	v5.2.0140721,<=v5.4.0160414	Trust: 0.6
vendor:	hikvision	model:	ds-2cd4xx5 series build build	scope:	gte	version:	v5.2.0140721,<=v5.4.0160421	Trust: 0.6
vendor:	hikvision	model:	digital technology ds-2dfx series build	scope:	eq	version:	5.4.5160928	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2dfx series build	scope:	eq	version:	5.2140805	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd63xx series build	scope:	eq	version:	5.3.5160106	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd63xx series build	scope:	eq	version:	5.0.9140305	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4xx5 series build	scope:	eq	version:	5.4160421	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4xx5 series build	scope:	eq	version:	5.2140721	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4x2xfwd series build	scope:	eq	version:	5.4160414	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4x2xfwd series build	scope:	eq	version:	5.2140721	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2fwd series build	scope:	eq	version:	5.4.4161125	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2fwd series build	scope:	eq	version:	5.3.1150410	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2f-i series build	scope:	eq	version:	5.4160530	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2f-i series build	scope:	eq	version:	5.2140721	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx0f-i series build	scope:	eq	version:	5.4160401	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx0f-i series build	scope:	eq	version:	5.2140721	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2dfx series build	scope:	ne	version:	5.4.9170123	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd63xx series build	scope:	ne	version:	5.4.5170206	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4xx5 series build	scope:	ne	version:	5.4.5170302	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd4x2xfwd series build	scope:	ne	version:	5.4.5170228	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2fwd series build	scope:	ne	version:	5.4.5170124	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx2f-i series build	scope:	ne	version:	5.4.5170123	Trust: 0.3
vendor:	hikvision	model:	digital technology ds-2cd2xx0f-i series build	scope:	ne	version:	5.4.5170123	Trust: 0.3
vendor:	ds 2cd2032 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2112 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2132 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2212 i5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2232 i5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2312 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2332 i	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2412f i w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2432f i w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2512f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2532f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2612f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2632f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2712f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2732f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2t32 i3	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2t32 i5	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd2t32 i8	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012f a	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012f p	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012f w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012fwd a	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012fwd p	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4012fwd w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4024f a	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4024f p	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4024f w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4032fwd a	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4032fwd p	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4032fwd w	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4112f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4112fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4124f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4132fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212f i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212fwd i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212fwd i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4212fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4224f i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4224f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4224f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4232fwd i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4232fwd i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4232fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4312f i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4312f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4312f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4324f i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4324f i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4324f i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4332fwd i h	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4332fwd i s	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd4332fwd i z	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd6412fwd	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2dfx series	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ds 2cd63xx series	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 452557e5-8b2a-4ccf-8f68-5c107568fe4a // CNVD: CNVD-2017-06977 // BID: 98313 // JVNDB: JVNDB-2017-003961 // CNNVD: CNNVD-201704-1049 // NVD: CVE-2017-7921

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-7921
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-7921
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-06977
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201704-1049
value:	HIGH
Trust: 0.6
IVD:	452557e5-8b2a-4ccf-8f68-5c107568fe4a
value:	HIGH
Trust: 0.2
VULHUB:	VHN-116124
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-7921
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-7921
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-06977
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	452557e5-8b2a-4ccf-8f68-5c107568fe4a
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-116124
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-7921
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: IVD: 452557e5-8b2a-4ccf-8f68-5c107568fe4a // CNVD: CNVD-2017-06977 // VULHUB: VHN-116124 // VULMON: CVE-2017-7921 // JVNDB: JVNDB-2017-003961 // CNNVD: CNNVD-201704-1049 // NVD: CVE-2017-7921

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-116124 // JVNDB: JVNDB-2017-003961 // NVD: CVE-2017-7921

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1049

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-1049

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003961

PATCH

title:	HSRC-201703-04	url:	http://www.hikvision.com/us/about_10805.html	Trust: 1.6
title:	Patches for multiple HikvisionCameras incorrect authentication vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/93982	Trust: 0.6
title:	hikvision_CVE-2017-7921_auth_bypass_config_decryptor	url:	https://github.com/chrisjd20/hikvision_CVE-2017-7921_auth_bypass_config_decryptor	Trust: 0.1
title:	CVE-2017-7921-EXP	url:	https://github.com/JrDw0/CVE-2017-7921-EXP	Trust: 0.1
title:	CVE_2017_7921_EXP	url:	https://github.com/A403/CVE_2017_7921_EXP	Trust: 0.1
title:	cve-2017-7921-golang	url:	https://github.com/MisakaMikato/cve-2017-7921-golang	Trust: 0.1
title:	CVE-2017-7921	url:	https://github.com/BurnyMcDull/CVE-2017-7921	Trust: 0.1
title:	VulWiki	url:	https://github.com/Ares-X/VulWiki	Trust: 0.1
title:	Wiki	url:	https://github.com/nosafer/Wiki	Trust: 0.1
title:	wiki	url:	https://github.com/nosafer/wiki	Trust: 0.1
title:	yougar0.github.io	url:	https://github.com/yougar0/yougar0.github.io	Trust: 0.1
title:	nosafer.github.io	url:	https://github.com/nosafer/nosafer.github.io	Trust: 0.1
title:	kenzer-templates	url:	https://github.com/Elsfa7-110/kenzer-templates	Trust: 0.1
title:	kenzer-templates	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: CNVD: CNVD-2017-06977 // VULMON: CVE-2017-7921 // JVNDB: JVNDB-2017-003961

EXTERNAL IDS

db:	NVD	id:	CVE-2017-7921	Trust: 3.7
db:	ICS CERT	id:	ICSA-17-124-01	Trust: 2.9
db:	BID	id:	98313	Trust: 2.1
db:	CNNVD	id:	CNNVD-201704-1049	Trust: 0.9
db:	CNVD	id:	CNVD-2017-06977	Trust: 0.8
db:	JVN	id:	JVNVU92379282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-003961	Trust: 0.8
db:	IVD	id:	452557E5-8B2A-4CCF-8F68-5C107568FE4A	Trust: 0.2
db:	VULHUB	id:	VHN-116124	Trust: 0.1
db:	VULMON	id:	CVE-2017-7921	Trust: 0.1

sources: IVD: 452557e5-8b2a-4ccf-8f68-5c107568fe4a // CNVD: CNVD-2017-06977 // VULHUB: VHN-116124 // VULMON: CVE-2017-7921 // BID: 98313 // JVNDB: JVNDB-2017-003961 // CNNVD: CNNVD-201704-1049 // NVD: CVE-2017-7921

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-17-124-01	Trust: 3.0
url:	http://www.securityfocus.com/bid/98313	Trust: 1.8
url:	http://www.hikvision.com/us/about_10805.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7921	Trust: 1.4
url:	https://ghostbin.com/paste/q2vq2	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7921	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu92379282/index.html	Trust: 0.8
url:	https://ipcamtalk.com/threads/backdoor-found-in-hikvision-cameras.17523/	Trust: 0.8
url:	http://hikvision.com/en/index.html	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=56496	Trust: 0.1
url:	https://github.com/chrisjd20/hikvision_cve-2017-7921_auth_bypass_config_decryptor	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-06977 // VULHUB: VHN-116124 // VULMON: CVE-2017-7921 // BID: 98313 // JVNDB: JVNDB-2017-003961 // CNNVD: CNNVD-201704-1049 // NVD: CVE-2017-7921

CREDITS

Montecrypto

Trust: 0.3

sources: BID: 98313

SOURCES

db:	IVD	id:	452557e5-8b2a-4ccf-8f68-5c107568fe4a
db:	CNVD	id:	CNVD-2017-06977
db:	VULHUB	id:	VHN-116124
db:	VULMON	id:	CVE-2017-7921
db:	BID	id:	98313
db:	JVNDB	id:	JVNDB-2017-003961
db:	CNNVD	id:	CNNVD-201704-1049
db:	NVD	id:	CVE-2017-7921

LAST UPDATE DATE

2024-08-14T15:13:31.469000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-06977	date:	2017-05-19T00:00:00
db:	VULHUB	id:	VHN-116124	date:	2017-12-19T00:00:00
db:	VULMON	id:	CVE-2017-7921	date:	2017-12-19T00:00:00
db:	BID	id:	98313	date:	2017-05-23T16:23:00
db:	JVNDB	id:	JVNDB-2017-003961	date:	2017-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201704-1049	date:	2017-05-09T00:00:00
db:	NVD	id:	CVE-2017-7921	date:	2017-12-19T02:29:42.113

SOURCES RELEASE DATE

db:	IVD	id:	452557e5-8b2a-4ccf-8f68-5c107568fe4a	date:	2017-05-19T00:00:00
db:	CNVD	id:	CNVD-2017-06977	date:	2017-05-19T00:00:00
db:	VULHUB	id:	VHN-116124	date:	2017-05-06T00:00:00
db:	VULMON	id:	CVE-2017-7921	date:	2017-05-06T00:00:00
db:	BID	id:	98313	date:	2017-05-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-003961	date:	2017-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201704-1049	date:	2017-04-21T00:00:00
db:	NVD	id:	CVE-2017-7921	date:	2017-05-06T00:29:00.350