Vulnerabilities in Hikvision
39 results

CVE-2022-28173 | CRITICAL | EPSS 0.6%
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permiss

CVE-2024-25063 | HIGH | EPSS 0.6%
Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URL

CVE-2024-47485 | MEDIUM | EPSS 0.5%
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to gene

CVE-2025-39247 | HIGH | EPSS 0.5%
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the ad

CVE-2025-66176 | HIGH | EPSS 0.5%
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an at

CVE-2023-28814 | CRITICAL | EPSS 0.5%
Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of

CVE-2024-29947 | LOW | EPSS 0.4%
There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an

CVE-2024-47487 | HIGH | EPSS 0.4%
There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary

CVE-2024-25064 | MEDIUM | EPSS 0.4%
Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not ha

CVE-2024-29948 | LOW | EPSS 0.4%
There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending s

CVE-2025-39245 | MEDIUM | EPSS 0.4%
There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands v

CVE-2023-28811 | HIGH | EPSS 0.4%
There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. If exploited, an attacker on the same local area ne

CVE-2025-39246 | MEDIUM | EPSS 0.4%
There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially e

CVE-2025-66177 | HIGH | EPSS 0.3%
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an att

CVE-2025-66174 | MEDIUM | EPSS 0.3%
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for t

CVE-2026-1749 | MEDIUM | EPSS 0.3%
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the ad

CVE-2024-47486 | LOW | EPSS 0.3%
There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could inject scripts into certain pages by

CVE-2025-66173 | MEDIUM | EPSS 0.2%
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the s

CVE-2026-32684 | LOW | EPSS 0.1%
The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications