CVE-2024-29949

HIGH

Hikvision DS-7604NI-K1 / 4P(B) < V4.30.096build221220 - Authenticated Command Injection

Title source: llm

Description

There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands.

References (1)

Core 1

Core References

Various Sources

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices/

Scores

CVSS v3 7.2

EPSS 0.0132

EPSS Percentile 67.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (12)

Hikvision/DS-7604NI-K1 / 4P(B) V4.30.096build221220 and the versions prior to it

Hikvision/DS-7604NI-M1/4P Versions after V5.00.000 (including V5.00.000) and before V5.01.070（not including V5.01.070）

Hikvision/DS-76xxNI-Mx Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）

Hikvision/DS-76xxNXI-Ix Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）

Hikvision/DS-77xxNI-Mx Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）

Hikvision/DS-77xxNXI-Ix Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）

Hikvision/DS-86xxNXI-Ix Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）

Hikvision/DS-96xxNXI-Ix Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）

Hikvision/DS-96xxxNI-Mxx Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）

Hikvision/iDS-76xxNXI-Mx Versions after V5.00.000 (including V5.00.000) and before V5.02.006（not including V5.02.006）

... and 2 more

Published Apr 02, 2024

Tracked Since Feb 18, 2026