1. Home
  2. CVE Database
  3. CVE-2025-66174
MEDIUM · 6.5

CVE-2025-66174

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could explo...

Vulnerability Description

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
HikvisionDs-7104Hghi-F1 Firmware<= 4.30.122_201107
HikvisionDs-7104Hghi-F1-
HikvisionDs-7204Hghi-F1 Firmware<= 4.30.122_201107
HikvisionDs-7204Hghi-F1-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2025-66174?

CVE-2025-66174 is a vulnerability with a CVSS score of 6.5 (MEDIUM). There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could explo...

How severe is CVE-2025-66174?

CVE-2025-66174 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66174?

Check the references section above for vendor advisories and patch information. Affected products include: Hikvision Ds-7104Hghi-F1 Firmware, Hikvision Ds-7104Hghi-F1, Hikvision Ds-7204Hghi-F1 Firmware, Hikvision Ds-7204Hghi-F1.