CVE-2024-29949

CVSS 7.2 HIGHEPSS 1.3%CWE-77

There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Hikvision · DS-7604NI-K1 / 4P(B)Hikvision · DS-7604NI-M1/4P Hikvision · DS-76xxNI-Mx Hikvision · DS-76xxNXI-Ix Hikvision · DS-77xxNI-Mx Hikvision · DS-77xxNXI-Ix Hikvision · DS-86xxNXI-Ix Hikvision · DS-96xxNXI-Ix Hikvision · DS-96xxxNI-Mxx Hikvision · iDS-76xxNXI-Mx Hikvision · iDS-77xxNXI-Mx Hikvision · iDS-96xxxMXI-Mxx

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices/