CVE-2025-66176

Summary

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

Affected Software

VendorProductVersion RangeStatus
HikvisionDS-K1T331Versions below V3.7.80affected
HikvisionDS-K1T341A/K1T341BVersions below V3.7.80affected
HikvisionDS-K1T671/K5671Versions below V3.7.80affected
HikvisionDS-K1T672Versions below V3.7.80affected
HikvisionDS-K1T680Versions below V3.7.80affected
HikvisionDS-K1T981Versions below V3.7.80affected
HikvisionDS-K1T341CVersions below V3.3.180affected
HikvisionDS-K1T670/K1T673Versions below V4.48.0affected
HikvisionDS-K1T8003Versions below V1.4.21affected
HikvisionDS-K1T804AVersions below V1.4.22affected
HikvisionDS-K1T8003/8004Versions below V1.4.21affected
HikvisionDS-K1T804AVersions below V1.4.22affected
HikvisionDS-K1T804BVersions below V1.4.23affected
HikvisionDS-K1T201A/K1T105AVersions below V1.3.65affected
HikvisionDS-K1T342/K1T343/K1T344/DS-K1T6QT-F72/F43Versions below V4.48.0affected
HikvisionDS-K1T8005/DS-K1T808Versions below V3.25.40affected
HikvisionDS-K1T320/DS-K1T321Versions below V3.9.40affected
HikvisionDS-K1T323/DS-K1T510Versions below V4.23.41affected
HikvisionDS-K5033Versions below V4.37.40affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References