CVE-2014-4880

Hikvision DVR <2.2.10 - RCE

Title source: llm

Description

Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/35356

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/hikvision_rtsp_bof.rb

View Code ZIP pw:eip

References (2)

[Exploit] http://packetstormsecurity.com/files/129187/Hikvision-DVR-RTSP-Request-Remote-Code-Execution.html

[Exploit] http://www.exploit-db.com/exploits/35356

Scores

EPSS 0.7810

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (1)

hikvision/dvr_ds-7204_firmware 2.2.10 build_131009

Published Dec 08, 2014

Tracked Since Feb 18, 2026