CVE-2025-66176

HIGH

Hikvision Access Control - Buffer Overflow

Title source: llm

Description

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

References (2)

Core 2

Core References

Third Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2281

Vendor Advisory

https://www.hikvision.com/en/support/cybersecurity/security-advisory/buffer-overflow-vulnerabilities-in-some-hikvision-products/

Scores

CVSS v3 8.8

EPSS 0.0049

EPSS Percentile 37.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-121

Status published

Products (46)

hikvision/ds-k1t105a_firmware < 1.3.65

Hikvision/DS-K1T201A/K1T105A Versions below V1.3.65

hikvision/ds-k1t201a_firmware < 1.3.65

Hikvision/DS-K1T320/DS-K1T321 Versions below V3.9.40

hikvision/ds-k1t320_firmware < 3.9.40

hikvision/ds-k1t321_firmware < 3.9.40

Hikvision/DS-K1T323/DS-K1T510 Versions below V4.23.41

hikvision/ds-k1t323_firmware < 4.23.41

Hikvision/DS-K1T331 Versions below V3.7.80

hikvision/ds-k1t331_firmware < 3.7.80

... and 36 more

Published Jan 13, 2026

Tracked Since Feb 18, 2026