CVE-2025-66174
MEDIUM WAF: Low
CVSS 6.8
Published: 2025-12-19
CWE-287
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and running a series of commands.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| hikvision | ds-7104hghi-f1_firmware | up to 4.30.122_201107 |
| hikvision | ds-7204hghi-f1_firmware | up to 4.30.122_201107 |
References
- www.hikvision.com (Vendor Advisory)