CVE-2014-4880

2014-12-0811:59:07

CWE-119

certcc

web.nvd.nist.gov

cve-2014-4880

buffer overflow

hikvision dvr

ds-7204

firmware

remote code execution

rtsp play

authorization header

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.1

Confidence

Low

EPSS

0.956

Percentile

99.5%

JSON

Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.

Affected configurations

Nvd

Node

hikvisiondvr_ds-7204_firmwareMatch2.2.10build_131009

AND

hikvisiondvr_ds-7204Match-

VendorProductVersionCPE
hikvisiondvr_ds-7204_firmware2.2.10cpe:2.3:o:hikvision:dvr_ds-7204_firmware:2.2.10:build_131009:*:*:*:*:*:*
hikvisiondvr_ds-7204-cpe:2.3:h:hikvision:dvr_ds-7204:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hikvision	dvr_ds-7204_firmware	2.2.10	cpe:2.3:o:hikvision:dvr_ds-7204_firmware:2.2.10:build_131009::::::
hikvision	dvr_ds-7204	-	cpe:2.3:h:hikvision:dvr_ds-7204:-:::::::*