CVE-2024-29949

Summary

There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands.

Affected Software

VendorProductVersion RangeStatus
HikvisionDS-7604NI-K1 / 4P(B)V4.30.096build221220 and the versions prior to itaffected
HikvisionDS-76xxNI-MxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisionDS-77xxNI-MxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisionDS-96xxxNI-MxxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisionDS-76xxNXI-IxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisionDS-77xxNXI-IxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisionDS-86xxNXI-IxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisionDS-96xxNXI-IxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisioniDS-76xxNXI-MxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisioniDS-77xxNXI-MxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisioniDS-96xxxMXI-MxxVersions after V5.00.000 (including V5.00.000) and before V5.02.006(not including V5.02.006)affected
HikvisionDS-7604NI-M1/4PVersions after V5.00.000 (including V5.00.000) and before V5.01.070(not including V5.01.070)affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References