Hikvision IP Camera Remote Authentication Bypass

Critical Nessus Plugin ID 107056


The remote IP camera web server is affected by an authentication bypass vulnerability.


The remote Hikvision IP camera is affected by an authentication bypass vulnerability. A remote, unauthenticated attacker can read configurations (including account passwords), access the camera images, or modify the camera firmware.


Upgrade to a resolved firmware version as per the vendor advisory.


Plugin Details

Severity: Critical

ID: 107056

File Name: hikvision_auth_bypass.nasl

Version: $Revision: 1.2 $

Type: remote

Family: CGI abuses

Published: 2018/02/28

Modified: 2018/03/01

Dependencies: 107057

Risk Information

Risk Factor: Critical


CVSS v2

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C


CVSS v3

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: installed_sw/Hikvision IP Camera

Exploit Available: false

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 2017/03/10

Vulnerability Publication Date: 2017/03/10

Reference Information

CVE: CVE-2017-7921, CVE-2017-7923

BID: 98313

OSVDB: 153754, 157000

ICSA: 17-124-01