ID

VAR-201712-0474


CVE

CVE-2017-14953


TITLE

Vulnerabilities related to authorization, authority, and access control in HikVision Wi-Fi IP cameras

Trust: 0.8

sources: JVNDB: JVNDB-2017-011015

DESCRIPTION

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product. HikVision Wi-Fi IP Cameras have vulnerabilities related to authorization, permissions, and access control. Information may be tampered with. An attacker who is physically close can use this vulnerability to make the camera associate with any access point.

Trust: 2.16

sources: NVD: CVE-2017-14953 // JVNDB: JVNDB-2017-011015 // CNVD: CNVD-2017-38322

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-38322

AFFECTED PRODUCTS

vendor: hikvision, model: ds-2cd2432f-iw, scope: lt, version: 5.4.5

Trust: 1.0

vendor: hikvision digital, model: ds-2cd2432f-iw, scope: -, version: -

Trust: 0.8

vendor: hikvision, model: ds-2cd2432f-iw, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2017-38322 // JVNDB: JVNDB-2017-011015 // NVD: CVE-2017-14953

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-14953
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-14953
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-38322
value: LOW

Trust: 0.6

CNNVD: CNNVD-201709-1321
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2017-14953
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-38322
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2017-14953
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-38322 // JVNDB: JVNDB-2017-011015 // CNNVD: CNNVD-201709-1321 // NVD: CVE-2017-14953

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2017-011015 // NVD: CVE-2017-14953

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201709-1321

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201709-1321

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011015

PATCH

title: DS-2CD2432F-IW, url: http://www.hikvision.com/us/Products_1_10510_i7599.html

Trust: 0.8

sources: JVNDB: JVNDB-2017-011015

EXTERNAL IDS

db: NVD, id: CVE-2017-14953

Trust: 3.0

db: PACKETSTORM, id: 145131

Trust: 2.4

db: JVNDB, id: JVNDB-2017-011015

Trust: 0.8

db: CNVD, id: CNVD-2017-38322

Trust: 0.6

db: CNNVD, id: CNNVD-201709-1321

Trust: 0.6

sources: CNVD: CNVD-2017-38322 // JVNDB: JVNDB-2017-011015 // CNNVD: CNNVD-201709-1321 // NVD: CVE-2017-14953

REFERENCES

url:http://packetstormsecurity.com/files/145131/hikvision-wi-fi-ip-camera-wireless-access-point-state.html

Trust: 3.0

url:http://seclists.org/fulldisclosure/2017/nov/43

Trust: 2.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14953

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14953

Trust: 0.8

sources: CNVD: CNVD-2017-38322 // JVNDB: JVNDB-2017-011015 // CNNVD: CNNVD-201709-1321 // NVD: CVE-2017-14953

SOURCES

db: CNVD, id: CNVD-2017-38322
db: JVNDB, id: JVNDB-2017-011015
db: CNNVD, id: CNNVD-201709-1321
db: NVD, id: CVE-2017-14953

LAST UPDATE DATE

2025-04-20T23:39:55.349000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-38322, date: 2017-12-28T00:00:00
db: JVNDB, id: JVNDB-2017-011015, date: 2017-12-28T00:00:00
db: CNNVD, id: CNNVD-201709-1321, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-14953, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-38322, date: 2017-12-28T00:00:00
db: JVNDB, id: JVNDB-2017-011015, date: 2017-12-28T00:00:00
db: CNNVD, id: CNNVD-201709-1321, date: 2017-09-30T00:00:00
db: NVD, id: CVE-2017-14953, date: 2017-12-01T17:29:00.387