01304 827609 info@use-ip.co.uk Find us

Firmware Hikvision declare new vulnerabilities in mass email blast sent Saturday 18th September 2021

CliveC

Well-Known Member
Messages
79
Points
8
Yesterday evening I received an email from Hivision detailing a critical vulnerability in a number of their products and a link to new firmware.

The advisory is: Here

It appears I have two camera models affected by this, as they match the document, but the link to new firmware produces no results.
I wonder if the USeIP team can help with advice.
The two cameras are:
PTZ-N2404I-DE3 Running V5.6.0 build 190128
DS-2DE2A404IW-DE3 Running V5.6.16 build 200925
 
Hi Clive,

Just a quick response from me for now.
I received the same advisory.
Jumped on the PC quickly, with a view to sharing here in the forum.
Followed the various threads in their email and published notices.
And found I was unable to make head nor tail of what they wanted users to do :(

@Dan will get straight onto Hikvision Tech Support for some clarification on Monday morning.

I can only apologise for their unclear (urgent) message on a Saturday afternoon! :rolleyes: :(:oops::confused:

In the meantime, standard message applies still - update your devices to the latest available firmware ...
 
and put proper firewall rule in place to restrict as much as possible your devices
 
Thanks @Phil much appreciated.
What woudl have been good, is to directly link from the advisory page to each firmware update needed for the models referenced.

Also would be good if they could actually put Firmware for the HiLook PTZ-Nxxx cameras on the EU or UK portals, even for the older versions that have the exact sane model with different suffixes. Finding firmware for these is challenging, however based on the advistory am expecting updates for those.
 
Last edited:
Hi All,

We've asked Hikvision to better explain the firmware situation in regards to this vulnerability and whether the fix has already been included in earlier firmware or are new firmware updates expected to fix this issue in the coming days, their answer is below:

Yes, we have patched versions regarding this issue. Our team is now working hard on updating the new FW towards the models affected by the vulnerability, and the majority of products including all currently sold models have a firmware patch supplied on the UK portal but a few models are still to receive a patch this week.
All firmware will be complete by 24th September. Apologies for any inconvenience caused so far.

So basically, some firmware versions (released since the issue was discovered in June) do include the fix and any models that are affected and are yet to receive a new update should receive those updates by the end of this week.

It is quite a disappointing response by Hikvision and so for the time being we would simply recommend that you make sure your camera is running the latest version available.

As @CliveC stated above I have asked Hik support/HQ to add links to the affected camera table so that all end-users can easily navigate to the latest version, but I doubt they will do this and we may all just have to keep an eye out for new firmware releases in the next week or so and link to them here in this thread so everyone can access them.
 
As I stated in my report (report):

At time of writing updated firmware seems to be properly deployed on the Hikvision China region firmware portal for Chinese region devices, but only partially on the Global site. On the European www.hikvisioneurope.com and Russian http://ftp.hikvision.ru sites even much of the updated firmware from the incomplete Global site is missing. Other regional portals are also likely unreliable.

IPC_G3 firmware: DS-2CD2026G2-I(U)

It's the one not marked (C) which refers to IPC_G5.
 
Last edited:
Security vulnerabilitys can happen every where!

Thats why i go always this ways:

- Using only LTE (Industrial Standard) with a SIM/Provider with only Private IP or only VPN Tunnel
- Dont use default ports! Change them like 80 to 831 or something like this
- Use strong password
- Install before the nvr a firewall like sophos, ubiquiti, pfsense or similiar products
- Check for open ports, and close not needed ports
- Use VLAN's to seperate the cameras and nvr from the general network
- Use VPN for remote service or hik central
 
Thread pinned.
Tagged as a firmware issue.
Subject / title edited to grab attention to the issue.
This thread will evolve and clarify the actions required as they become clearer.
 
one thing i noticed, firmware for G3 version also jumped to x.x.800 version, it will be fun vs G5

is there any way to get a change log? that kind of jump might mean more than security fix?
 
I've copied the affected camera table from the Hikvision website and started adding some links to fixed/unaffected firmware, if you have spotted a new release patch firmware or just have a link to an already released fixed firmware please post a comment below and we'll add it to the table.

(I haven't tested any of the firmware from these links but some of them are firmware versions from the Hikvision global site which means that certain global regions may have issues installing them, please let us know if there are any issues with particular versions.)

Product nameAffected version(s)
DS-2CVxxx1 - (D) Models - Firmware_V5.5.803 210817 / (B) and Non-(B) or (D) Models - V5.5.803 210817 (either IPCG or IPCTC versions, check read me notes)
DS-2CVxxx5
DS-2CVxxx6 - (D) Models - Firmware_V5.5.800_210701
Versions which Build time before 210625
HWI-xxxx
IPC-xxxx
DS-2CD1xx1 - V5.5.801 build210701 - For DS-2CD1x21 and DS-2CD1x31 models
DS-2CD1x23
DS-2CD1x43(B)
DS-2CD1x43(C)
DS-2CD1x43G0E
DS-2CD1x53(B)
DS-2CD1x53(C)
DS-2CD1xx7G0
DS-2CD2xx6G2 - Non-(C) Models - V5.5.800_210628 / (C) Models - V5.5.801_210727
DS-2CD2xx7G2 - Non-(C) Models - V5.5.800_210628 / (C) Models - V5.5.801_210727
DS-2CD2xx2WD - V5.4.800 210813 (supported models - DS-2CD2x32, DS-2CD2x22, DS-2CD2x12, DS-2CD2x31)
DS-2CD2x21G0
DS-2CD2xx3G2 (V5.5.801_210727)
DS-2CD3xx6G2 - (C) Models - V5.5.801_210727
DS-2CD3xx7G2 - (C) Models - V5.5.801_210727
DS-2CD3xx7G0E
DS-2CD3x21G0
DS-2CD3x51G0
DS-2CD3xx3G2 - Firmware_V5.5.801_210727
DS-2CD4xx0
DS-2CD4xx6
DS-2CD5xx7
DS-2CD5xx5
iDS-2XM6810
iDS-2CD6810
DS-2XE62x7FWD(D)
DS-2XE30x6FWD(B)
DS-2XE60x6FWD(B)
DS-2XE62x2F(D)
DS-2XC66x5G0
DS-2XE64x2F(B)
DS-2CD7xx6G0
DS-2CD8Cx6G0
KBA18(C)-83x6FWD
(i)DS-2DExxxx
(i)DS-2PTxxxx
(i)DS-2SE7xxxx
DS-2DYHxxxx
DS-2DY9xxxx - (T3) Models - V5.5.800 build210628
PTZ-Nxxxx
HWP-Nxxxx
DS-2DF5xxxx - (T3) Models - V5.5.800 build210628
DS-2DF6xxxx - (T3) Models - Same as above
DS-2DF6xxxx-Cx - (T3) Models - Same as above
DS-2DF7xxxx - (T3) Models - Same as above
DS-2DF8xxxx - (T3) Models - Same as above

DS-2DF9xxxx
DS-2DF9Cxxxx(T2) Models - v5.5.800_210628 (upgrading from v5.5.40) / v5.5.801_210628 (upgrading from v5.5.41)
iDS-2PT9xxxx
iDS-2SK7xxxx
iDS-2SK8xxxx - v5.5.800_210628
iDS-2SR8xxxx
iDS-2VSxxxx
DS-2TBxxx
DS-Bxxxx
DS-2TDxxxxB
Versions which Build time before 210702
DS-2TD1xxx-xx
DS-2TD2xxx-xx
DS-2TD41xx-xx/Wx
DS-2TD62xx-xx/Wx
DS-2TD81xx-xx/Wx
DS-2TD4xxx-xx/V2
DS-2TD62xx-xx/V2
DS-2TD81xx-xx/V2
DS-76xxNI-K1xx - non-(B)/(C) model - V3.4.103_build 181226

DS-76xxNI-Qxx - non-(C) model - V4.30.085 build210409

DS-HiLookI-NVR-1xxMHxx - D-series (NVR-104MH-D(C)) V4.31.110 build210811
DS-HiLookI-NVR-2xxMHxx
DS-HiWatchI-HWN-41xxMHxx - V4.31.108 build210825
DS-HiWatchI-HWN-42xxMHxx - Same as above (V4.31.108)
V4.30.210 Build201224 - V4.31.000 Build210511
DS-71xxNI-Q1xx - V3.4.99_Build180706
DS-HiLookI-NVR-1xxMHxx
DS-HiLookI-NVR-1xxHxx
DS-HiWatchI-HWN-21xxMHxx - V4.31.110 build210811
DS-HiWatchI-HWN-21xxHxx - Same as above (v4.31.110)
V4.30.300 Build210221 - V4.31.100 Build210511

The vulnerability seems to affect more models than are just on this list as Hikvision support continue to release new firmware for models not shown above, below is a table of the newly released firmware for some other models not covered above:

Firmware Family (Product Name)New Firmware
Camera
E0 Civil platform (2U01,2U21,2Q01,2Q21)V5.4.8 build210820
E1 platform (12X1,13X1)V5.5.8 build210816
E2 platform (DS-2CD1X01)V5.5.800 build210818
E2 platform(iDS-2CD6810F, Dual lens people counting)V5.4.800_210812
E3 platform (2X23G0D-IW2 2X21G1-IDW1'2 1X23G0 2X21G0 2X27G3E 6425G0)V5.5.800_210628 - 2 versions available (IPC & IPCR) so check the read me notes to confirm which version is compatible with your model
E7 platform (1xx3G0, 1X43G0E, 1xx7G0, 3xx7G0E, 2DE1C200IW)IPC_V5.5.800 210816 / IPCH_V5.5.800 210816 (see the read me notes for each version to see which models are compatible)
E8 Explosion-Proof (2XE30x6FWD(B), 2XE60x6FWD(B), 2XE62x2F(D))V5.5.800_210823
E8 Platform (1xx3G0(-IUF)(C), 1xx7G0(-LUF), 2xx1G1/G0(C), 3xx1G0(C), 3xx7G0(-LUF), DS-2DE2C200MW-DE, DS-2DE2C400MW-DE, HWI-xx21H(C))IPCE_V5.5.800 210628 / IPC_R_V5.5.800 210628
G0 platform (1X43G0 1X53G0 2X47G3E 2X4'51G1-IDW1'2, IPC-xx4xH, IPC-xx5xH)5.5.89_210429
G5 Platform (XS6A Solar Kit)V5.5.801_210701
H1 Platform (DS-2CD6A64 PanoVu)V5.4.800_210814
H1 DarkfighterX (DS-2CD5028)V5.4.800 build210812
H5 Platform (DS-2CD69x4G0)V5.5.800_210628
H5 Platform (2XU72xx5)V5.5.800_210630
H8 Platform (iDS-2CD7xx6G0(C))5.7.70 build 210811
R2 platform (DS-2CD1x10,1X02,1X21,2xx0,2X14,4xx0)V5.4.800 build210813 (1xx2,1xx0,2xx0) / V5.4.800 build210812 (4xx0)
Speed Dome (PTZ)
R0 PTZ Platform (DS-2DExxxx-DE(-AE), DS-2DExxxx-DE3(-AE3))5.4.800_210812
PanoVu PTZ ( DS-2PT3x2xIZ, DS-2PT5x2xIZ)5.5.800_210630
H7 Positioning (DS-2DY9xxxx(T3))V5.5.800_210628
H5 Positioning (iDS-2DYHxxx-T2)V5.5.800_210628
H5 Positioning (iDS-2DY9xxx-T2)V5.5.802_210709
H8 Positioning (DS-2DY92xxx(T5))V5.7.0_210628
H5 PTZ series (DS-2DFxxxxX(T2))V5.5.801 build210628
H5 PTZ Series (DS-2DF6Cxxx-CX-T2)5.5.800_210701
H7 PTZ series(DS-2DFxxxxX(T3),DS-2DYxxxx(T3))V5.5.801 build210628
G3 PTZ series (DS-2DExxxx(S5),DS-2SE7Cxxxx(S5))See each sub-catergory for the compatible v5.5.800 firmware for your model
E7 PTZ series (DS-2DE4&7xxxIW(S6))V5.6.800 build210628
 
Last edited:
UPDATE - Hikvision UK Support has shared an official statement on the vulnerability (mostly the info shared last weekend) and FAQ document about the vulnerability. (see attached)
 

Attachments

  • CVE UK Partner Letter.pdf
    420.6 KB · Views: 359
  • FAQs- Command Injection Vulnerability (final) 240921.pdf
    1.1 MB · Views: 399
Hi Dan
in your table with linked firmware you show DS-2CD2xx6G2 twice.

DS-2CD2xx6G2 - Non-(C) Models - V5.5.800_210628 / (C) Models - V5.5.801_210727
DS-2CD2xx6G2 - Non-(C) Models - V5.5.800_210628 / (C) Models - V5.5.801_210727


the second one should read DS-2CD2xx7G2 . (the link is pointing to correct model on HIK global page.)
 
Is it possible to find out if DS-2CD2F22FWD-IS is affected? I don't see new firmware for it, so assume not, but there is a model listed that is the same except for the final F
 
Ah useful thank you - these are old cameras, but use R6 series firmware, which seems unaffected. So for my cameras just waiting for R7 series updates now. These are HiLook branded in my case.
 
I have DS-2DE3304W-DE Firmware V5.6.0 build 190507. I see R0 PTZ Platform (DS-2DExxxx-DE(-AE), DS-2DExxxx-DE3(-AE3)) on the list but the listed firmware is below mine.
If my camera is not on the list, I would still like to update to the newest firmware. Where can I find the newest firmware for my device?

Thanks
 
Back
Top