Lucene search
HistoryApr 02, 2024 - 11:15 a.m.
CVE-2024-29949
cve-2024-29949
command injection
hikvision nvrs
arbitrary commands
authentication
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands.
CNA Affected
[
{
"vendor": "Hikvision",
"product": "DS-7604NI-K1 / 4P(B)",
"versions": [
{
"version": "V4.30.096build221220 and the versions prior to it",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "DS-76xxNI-Mx",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "DS-77xxNI-Mx",
"defaultStatus": "affected",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "DS-96xxxNI-Mxx",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "DS-76xxNXI-Ix",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "DS-77xxNXI-Ix",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "DS-86xxNXI-Ix",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "DS-96xxNXI-Ix",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "iDS-76xxNXI-Mx",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "iDS-77xxNXI-Mx",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "iDS-96xxxMXI-Mxx",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)",
"status": "affected"
}
]
},
{
"vendor": "Hikvision",
"product": "DS-7604NI-M1/4P",
"versions": [
{
"version": "Versions after V5.00.000 (including V5.00.000) and before V5.01.070(not including V5.01.070)",
"status": "affected"
}
]
}
]
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for CVE-2024-29949