CVE-2024-29949 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
hikvision	ds-7604ni-k1\/4p\(b\)	𝑥 ≤ V4.30.096build221220	ADP
hikvision	ds-76xxni-mx	V5.00.000 ≤ 𝑥 < V5.02.006	ADP
hikvision	ds-77xxni-mx	5.00.000 ≤ 𝑥 < 5.02.006	ADP
hikvision	ds-96xxxni-mxx	5.00.000 ≤ 𝑥 < 5.02.006	ADP
hikvision	ds-76xxnxi-lx	5.00.000 ≤ 𝑥 < 5.02.006	ADP
hikvision	ds-77xxnxi-lx	5.00.000 ≤ 𝑥 < 5.02.006	ADP
hikvision	ds-86xxnxi-lx	5.00.000 ≤ 𝑥 < 5.02.006	ADP
hikvision	ds-96xxnxi-lx	5.00.000 ≤ 𝑥 < 5.02.006	ADP
hikvision	ids-76xxnxi-mx	5.00.000 ≤ 𝑥 < 5.02.006	ADP
hikvision	ids-77xxnxi-mx	5.00.000 ≤ 𝑥 < 5.02.006	ADP
hikvision	ids-96xxxmxi-mxx	5.00.000 ≤ 𝑥 < 5.02.006	ADP
hikvision	ds-7604ni-m1\/4p	5.00.000 ≤ 𝑥 < 5.01.070	ADP

Common Weakness Enumeration

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices/

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices/