CVE-2025-66176

EUVD-2026-2382
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
hikvisionCNA
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
hikvisionds-k1t331_firmware
𝑥
< 3.7.80
hikvisionds-k1t341a_firmware
𝑥
< 3.7.80
hikvisionds-k1t341b_firmware
𝑥
< 3.7.80
hikvisionds-k1t671_firmware
𝑥
< 3.7.80
hikvisionds-k5671_firmware
𝑥
< 3.7.80
hikvisionds-k1t672_firmware
𝑥
< 3.7.80
hikvisionds-k1t680_firmware
𝑥
< 3.7.80
hikvisionds-k1t981_firmware
𝑥
< 3.7.80
hikvisionds-k1t341c_firmware
𝑥
< 3.3.180
hikvisionds-k1t670_firmware
𝑥
< 4.48.0
hikvisionds-k1t673_firmware
𝑥
< 4.48.0
hikvisionds-k1t8003_firmware
𝑥
≤ 1.4.21
hikvisionds-k1t804a_firmware
𝑥
< 1.4.22
hikvisionds-k1t804b_firmware
𝑥
< 1.4.23
hikvisionds-k1t201a_firmware
𝑥
< 1.3.65
hikvisionds-k1t105a_firmware
𝑥
< 1.3.65
hikvisionds-k1t342_firmware
𝑥
< 4.48.0
hikvisionds-k1t343_firmware
𝑥
< 4.48.0
hikvisionds-k1t344_firmware
𝑥
< 4.48.0
hikvisionds-k1t6qt-f72_firmware
𝑥
< 4.48.0
hikvisionds-k1t6qt-f43_firmware
𝑥
< 4.48.0
hikvisionds-k1t8005_firmware
𝑥
< 3.25.40
hikvisionds-k1t808_firmware
𝑥
< 3.25.40
hikvisionds-k1t320_firmware
𝑥
< 3.9.40
hikvisionds-k1t321_firmware
𝑥
< 3.9.40
hikvisionds-k1t323_firmware
𝑥
< 4.23.41
hikvisionds-k1t510_firmware
𝑥
< 4.23.41
hikvisionds-k5033_firmware
𝑥
< 4.37.40
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/