CVE-2017-7923
06.05.2017, 00:29
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.Enginsight
| Vendor | Product | Version |
|---|---|---|
| hikvision | ds-2cd2032-i_firmware | - |
| hikvision | ds-2cd2112-i_firmware | - |
| hikvision | ds-2cd2132-i_firmware | - |
| hikvision | ds-2cd2212-i5_firmware | - |
| hikvision | ds-2cd2232-i5_firmware | - |
| hikvision | ds-2cd2312-i_firmware | - |
| hikvision | ds-2cd2332-i_firmware | - |
| hikvision | ds-2cd2412f-i\(w\)_firmware | - |
| hikvision | ds-2cd2432f-i\(w\)_firmware | - |
| hikvision | ds-2cd2512f-i\(s\)_firmware | - |
| hikvision | ds-2cd2532f-i\(s\)_firmware | - |
| hikvision | ds-2cd2612f-i\(s\)_firmware | - |
| hikvision | ds-2cd2632f-i\(s\)_firmware | - |
| hikvision | ds-2cd2712f-i\(s\)_firmware | - |
| hikvision | ds-2cd2732f-i\(s\)_firmware | - |
| hikvision | ds-2cd2t32-i3_firmware | - |
| hikvision | ds-2cd2t32-i5_firmware | - |
| hikvision | ds-2cd2t32-i8_firmware | - |
| hikvision | ds-2cd4012f-\(a\)_firmware | - |
| hikvision | ds-2cd4012f-\(p\)_firmware | - |
| hikvision | ds-2cd4012f-\(w\)_firmware | - |
| hikvision | ds-2cd4012fwd-\(a\)_firmware | - |
| hikvision | ds-2cd4012fwd-\(p\)_firmware | - |
| hikvision | ds-2cd4012fwd-\(w\)_firmware | - |
| hikvision | ds-2cd4024f-\(a\)_firmware | - |
| hikvision | ds-2cd4024f-\(p\)_firmware | - |
| hikvision | ds-2cd4024f-\(w\)_firmware | - |
| hikvision | ds-2cd4032fwd-\(a\)_firmware | - |
| hikvision | ds-2cd4032fwd-\(p\)_firmware | - |
| hikvision | ds-2cd4032fwd-\(w\)_firmware | - |
| hikvision | ds-2cd4112f-i\(z\)_firmware | - |
| hikvision | ds-2cd4112fwd-i\(z\)_firmware | - |
| hikvision | ds-2cd4124f-i\(z\)_firmware | - |
| hikvision | ds-2cd4132fwd-i\(z\)_firmware | - |
| hikvision | ds-2cd4212f-i\(h\)_firmware | - |
| hikvision | ds-2cd4212f-i\(s\)_firmware | - |
| hikvision | ds-2cd4212f-i\(z\)_firmware | - |
| hikvision | ds-2cd4212fwd-i\(h\)_firmware | - |
| hikvision | ds-2cd4212fwd-i\(s\)_firmware | - |
| hikvision | ds-2cd4212fwd-i\(z\)_firmware | - |
| hikvision | ds-2cd4224f-i\(h\)_firmware | - |
| hikvision | ds-2cd4224f-i\(s\)_firmware | - |
| hikvision | ds-2cd4224f-i\(z\)_firmware | - |
| hikvision | ds-2cd4232fwd-i\(h\)_firmware | - |
| hikvision | ds-2cd4232fwd-i\(s\)_firmware | - |
| hikvision | ds-2cd4232fwd-i\(z\)_firmware | - |
| hikvision | ds-2cd4312f-i\(h\)_firmware | - |
| hikvision | ds-2cd4312f-i\(s\)_firmware | - |
| hikvision | ds-2cd4312f-i\(z\)_firmware | - |
| hikvision | ds-2cd4324f-i\(h\)_firmware | - |
| hikvision | ds-2cd4324f-i\(s\)_firmware | - |
| hikvision | ds-2cd4324f-i\(z\)_firmware | - |
| hikvision | ds-2cd4332fwd-i\(h\)_firmware | - |
| hikvision | ds-2cd4332fwd-i\(s\)_firmware | - |
| hikvision | ds-2cd4332fwd-i\(z\)_firmware | - |
| hikvision | ds-2cd6412fwd_firmware | - |
| hikvision | ds-2dfx_series_firmware | - |
| hikvision | ds-2cd63xx_series_firmware | - |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-260 - Password in Configuration FileThe software stores a password in a configuration file that might be accessible to actors who do not know the password.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
References