Lucene search

HikvisionVULNRICHMENT:CVE-2024-29948

HistoryApr 02, 2024 - 11:07 a.m.

CVE-2024-29948

2024-04-0211:07:04

hikvision

github.com

vulnerability

hikvision

nvrs

out-of-bounds

read

authenticated attacker

service abnormality

cve-2024-29948

CVSS3

3.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

AI Score

6.5

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality.

CNA Affected

[
  {
    "vendor": "Hikvision",
    "product": "DS-7604NXI-K1/4P",
    "versions": [
      {
        "status": "affected",
        "version": "V4.76.005 build231012 and the versions prior to it"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices/

CVSS3

3.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

AI Score

6.5

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-29948