Vulnerability Description
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hikvision | Ds-76Xxx Series Firmware | <= 3.3.4 |
| Hikvision | Ds-7604Ni-E1\/4P | - |
| Hikvision | Ds-7608Ni-12\/8P | - |
| Hikvision | Ds-7608Ni-E1\/8P | - |
| Hikvision | Ds-7616Ni-12\/16P | - |
| Hikvision | Ds-7616Ni-E2\/16P | - |
| Hikvision | Ds-77Xxx Series Firmware | <= 3.3.4 |
| Hikvision | Ds-7716Ni-14\/16P | - |
| Hikvision | Ds-7716Ni-Sp\/16 | - |
Related Weaknesses (CWE)
References
- http://www.hikvision.com/En/Press-Release-details_435_i1023.htmlPatchVendor Advisory
- http://www.hikvision.com/En/Press-Release-details_435_i1023.htmlPatchVendor Advisory
FAQ
What is CVE-2015-4408?
CVE-2015-4408 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request,...
How severe is CVE-2015-4408?
CVE-2015-4408 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4408?
Check the references section above for vendor advisories and patch information. Affected products include: Hikvision Ds-76Xxx Series Firmware, Hikvision Ds-7604Ni-E1\/4P, Hikvision Ds-7608Ni-12\/8P, Hikvision Ds-7608Ni-E1\/8P, Hikvision Ds-7616Ni-12\/16P.