Multiple Hikvision Vulnerabilities Allow Attackers to Disrupt Devices Using Crafted Packets

Hikvision has disclosed two critical buffer overflow vulnerabilities affecting its security devices that could allow network-based attackers to cause device malfunctions without requiring authentication.

The security flaws, tracked as CVE-2025-66176 and CVE-2025-66177, pose significant risks to access control systems and video recording infrastructure across enterprise and critical infrastructure deployments.

Both vulnerabilities stem from stack overflow issues embedded within the device search and discovery feature of affected Hikvision products.

An attacker on the same local area network can exploit these weaknesses by sending specially crafted packets to unpatched devices, disrupting the system.

The attack requires no user interaction or elevated privileges, making these flaws particularly concerning for organizations relying on Hikvision’s surveillance and access control systems.

The vulnerabilities carry identical CVSS v3.1 base scores of 8.8, reflecting high severity across multiple security dimensions. The attack vector string (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates that while attackers must be on an adjacent network, the low attack complexity, combined with no privilege or user interaction requirements, creates a substantial risk.

The potential impact spans confidentiality, integrity, and availability of affected devices.

CVE-2025-66176 specifically targets Hikvision’s Access Control Series Products, while CVE-2025-66177 affects Network Video Recorders, Digital Video Recorders, Central Video Recorders, and IP Cameras.

Hikvision has published a comprehensive list of specific affected models through its official security advisory portal.

Hikvision has issued firmware patches to address both vulnerabilities and emphasizes the prompt application of updates to mitigate potential network-based attacks.

Users should immediately obtain the latest firmware versions from Hikvision’s official support download center.

The discovery of CVE-2025-66176 was credited to the Cisco Talos Team, while independent security researchers Angel Lozano Alcazar and Pedro Guillen Nuñez discovered CVE-2025-66177.

Hikvision acknowledged both research teams for their responsible disclosure practices.

Network administrators are advised to implement immediate defensive measures while deploying patches.

Recommended actions include segmenting surveillance networks to isolate devices from untrusted zones, restricting device discovery protocols to trusted network segments, and monitoring for anomalous traffic patterns that could indicate active exploitation attempts.

These interim measures are particularly critical for organizations operating in enterprise and critical-infrastructure environments, where the availability of surveillance systems directly impacts security operations.