Details of VAR-201808-0810

ID

VAR-201808-0810

CVE

CVE-2018-6414

TITLE

plural Hikvision IP Cameras Product buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009357

DESCRIPTION

A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. plural Hikvision IP Cameras The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HikVision IP Cameras is a network camera product from China Hikvision. Hikvision network camera has a buffer overflow vulnerability, which is caused by insufficient input verification

Trust: 2.25

sources: NVD: CVE-2018-6414 // JVNDB: JVNDB-2018-009357 // CNVD: CNVD-2018-17379 // VULHUB: VHN-136446

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-17379

AFFECTED PRODUCTS

vendor:	hikvision	model:	ip cameras	scope:	eq	version:	-	Trust: 1.6
vendor:	hikvision digital	model:	ip cameras	scope:	-	version:	-	Trust: 0.8
vendor:	hikvision	model:	ds-2cd1201-i	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1201f-i	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1201f-i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1211-i	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1221	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1221	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1221	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1301-i	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1301f-i	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1301f-i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1311-i	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1321	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1321	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1321	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1x25	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1x25	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1x25	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1x25	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1x25	scope:	eq	version:	v5.5.6	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1x31	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1x31	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd1x31	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x21	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x21	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x21	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x21	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x21	scope:	eq	version:	v5.5.6	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x25	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x25	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x25	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x25	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x25	scope:	eq	version:	v5.5.6	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x26	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x26	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x26	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x26	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x26	scope:	eq	version:	v5.5.6	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x47	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x47	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x47	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x47	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x66	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x66	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x66	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x66	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x66	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x66	scope:	eq	version:	v5.5.60	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x86	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x86	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x86	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x86	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x86	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2x86	scope:	eq	version:	v5.5.60	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx5	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx5	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx5	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx5	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx6	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx6	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx6	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd2xx6	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3220	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3220	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3220	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3311 -i	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3311 -i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x10-i	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x10-i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x10f-i	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x10f-i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x20	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x20	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x20	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x21	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x21	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x21	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x21	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x21	scope:	eq	version:	v5.5.6	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x25	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x25	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x25	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x25	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x25	scope:	eq	version:	v5.5.6	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x26	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x26	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x26	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x26	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x26	scope:	eq	version:	v5.5.6	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x47	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x47	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x47	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x47	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x66	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x66	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x66	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x66	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x66	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x66	scope:	eq	version:	v5.5.60	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x86	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x86	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x86	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x86	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x86	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3x86	scope:	eq	version:	v5.5.60	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3xx5	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3xx5	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3xx5	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3xx5	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3xx6	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3xx6	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3xx6	scope:	eq	version:	v5.5.3	Trust: 0.6
vendor:	hikvision	model:	ds-2cd3xx6	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-2xm6614-i	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-2xm6624-i	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-2xm6624-i	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-2xm6624-i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-b11-i	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-b12-i	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-b12-i	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-b12-i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-b12h-i	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-b12h-i	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-b12h-i	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-b12h-i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-b12h-i	scope:	eq	version:	v5.5.6	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-t11-i	scope:	eq	version:	v5.5.51	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-t12-i	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-t12-i	scope:	eq	version:	v5.5.5	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-t12-i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-t12h-i	scope:	eq	version:	v5.5.0	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-t12h-i	scope:	eq	version:	v5.5.2	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-t12h-i	scope:	eq	version:	v5.5.4	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-t12h-i	scope:	eq	version:	v5.5.52	Trust: 0.6
vendor:	hikvision	model:	ds-ipc-t12h-i	scope:	eq	version:	v5.5.6	Trust: 0.6

sources: CNVD: CNVD-2018-17379 // JVNDB: JVNDB-2018-009357 // CNNVD: CNNVD-201808-338 // NVD: CVE-2018-6414

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-6414
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-6414
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-17379
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201808-338
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-136446
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-6414
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-17379
severity:	HIGH
baseScore:	7.3
vectorString:	AV:N/AC:H/AU:N/C:C/I:P/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-136446
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-6414
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-17379 // VULHUB: VHN-136446 // JVNDB: JVNDB-2018-009357 // CNNVD: CNNVD-201808-338 // NVD: CVE-2018-6414

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-136446 // JVNDB: JVNDB-2018-009357 // NVD: CVE-2018-6414

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-338

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201808-338

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009357

PATCH

title:	HSRC-201808-01	url:	http://www.hikvision.com/en/Support/Cybersecurity-Center/Security-Advisory/431181228784397	Trust: 0.8
title:	Hikvision IP Fixing actions for camera buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83870	Trust: 0.6

sources: JVNDB: JVNDB-2018-009357 // CNNVD: CNNVD-201808-338

EXTERNAL IDS

db:	NVD	id:	CVE-2018-6414	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-009357	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-338	Trust: 0.7
db:	CNVD	id:	CNVD-2018-17379	Trust: 0.6
db:	VULHUB	id:	VHN-136446	Trust: 0.1

sources: CNVD: CNVD-2018-17379 // VULHUB: VHN-136446 // JVNDB: JVNDB-2018-009357 // CNNVD: CNNVD-201808-338 // NVD: CVE-2018-6414

REFERENCES

url:	https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--buffer-overflow-vulnerability-in-some-hik/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6414	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-6414	Trust: 0.8

sources: VULHUB: VHN-136446 // JVNDB: JVNDB-2018-009357 // CNNVD: CNNVD-201808-338 // NVD: CVE-2018-6414

SOURCES

db:	CNVD	id:	CNVD-2018-17379
db:	VULHUB	id:	VHN-136446
db:	JVNDB	id:	JVNDB-2018-009357
db:	CNNVD	id:	CNNVD-201808-338
db:	NVD	id:	CVE-2018-6414

LAST UPDATE DATE

2024-11-23T23:04:59.306000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-17379	date:	2018-09-07T00:00:00
db:	VULHUB	id:	VHN-136446	date:	2020-09-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-009357	date:	2018-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201808-338	date:	2020-09-25T00:00:00
db:	NVD	id:	CVE-2018-6414	date:	2024-11-21T04:10:40.100

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-17379	date:	2018-09-27T00:00:00
db:	VULHUB	id:	VHN-136446	date:	2018-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-009357	date:	2018-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201808-338	date:	2018-08-14T00:00:00
db:	NVD	id:	CVE-2018-6414	date:	2018-08-13T15:29:00.527