CVE-2017-7921

9.8 CRITICAL CISA KEV - Actively Exploited
Published: May 06, 2017 Modified: March 05, 2026
View on NVD

Description

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.hikvision.com/us/about_10805.html
Source: ics-cert@hq.dhs.gov
Patch Vendor Advisory
http://www.securityfocus.com/bid/98313
Source: ics-cert@hq.dhs.gov
Third Party Advisory VDB Entry
https://ghostbin.com/paste/q2vq2
Source: ics-cert@hq.dhs.gov
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
Source: ics-cert@hq.dhs.gov
Third Party Advisory US Government Resource
http://www.hikvision.com/us/about_10805.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.securityfocus.com/bid/98313
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://ghostbin.com/paste/q2vq2
Source: af854a3a-2127-422b-91ae-364da2661108
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory US Government Resource
https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20170314/
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--privilege-escalating-vulnerability-in-cer/
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/
Source: af854a3a-2127-422b-91ae-364da2661108
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7921
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

12 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
94.3%
100th percentile
Exploitation Status
Actively Exploited
Remediation due: 2026-03-26

Weaknesses (CWE)

CWE-287 CWE-287

Affected Vendors

hikvision

Related CVEs

CVE-2026-4472 6.3
CVE-2026-4471 4.7
CVE-2026-4470 4.7
CVE-2026-4469 4.7
CVE-2026-33035 N/A