CVE-2013-4977

Hikvision DS-2CD7153-E <4.1.0 b130111 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4977. PoCs published by Core Security.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Hikvision IP cameras, including privilege escalation via configuration data decryption, authentication bypass using hardcoded credentials, and a buffer overflow in the RTSP packet handler leading to potential remote code execution.

Description

Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappshardware

https://www.exploit-db.com/exploits/27402

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Hikvision IP cameras, including privilege escalation via configuration data decryption, authentication bypass using hardcoded credentials, and a buffer overflow in the RTSP packet handler leading to potential remote code execution.

Classification

Working Poc 100%

Attack Type

Rce | Auth Bypass | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Hikvision IP cameras (e.g., DS-2CD7153-E) with firmware v4.1.0 b130111

Auth required

Prerequisites: Network access to the target camera · Valid user credentials for privilege escalation PoC

MITRE ATT&CK