Hikvision DVR Improper Authentication Vulnerability Allowing Command Execution via Serial Port

Vulnerability

An improper authentication vulnerability has been identified in certain Hikvision DVR models. This vulnerability arises from a flawed implementation of authentication for the serial port, enabling an attacker with physical access to connect to the affected DVRs and execute a series of commands. The issue affects Hikvision DVR models DS-7104HGHI-F1 and DS-7204HGHI-F1, specifically those running versions through V4.30.122_201107.

Impact

Successful exploitation lets an attacker with physical access to the device bypass the serial port's authentication and execute commands without authorization.

Remediation

Users can upgrade to Hikvision DVR firmware version V4.30.123_251114 to address this vulnerability.
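
For fleet owners, a triage check over a device inventory, added here as an example and not taken from Hikvision or this advisory's publisher. It assumes firmware strings follow the V<major>.<minor>.<patch>_<build> layout seen above and that fields compare numerically; the inventory entries are constructed.

```python
import re

# Values taken from the advisory text.
AFFECTED_MODELS = {"DS-7104HGHI-F1", "DS-7204HGHI-F1"}
LAST_AFFECTED = "V4.30.122_201107"
FIXED = "V4.30.123_251114"

# Assumed layout: V<major>.<minor>.<patch>_<build>, build compared numerically.
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)_(\d+)$")


def parse_version(text):
    """Return (major, minor, patch, build) or None if the string does not match."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(model, firmware):
    """Classify one device as not-listed, affected, fixed, or review."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "review"          # unparseable version: check by hand
    if version <= parse_version(LAST_AFFECTED):
        return "affected"
    if version >= parse_version(FIXED):
        return "fixed"
    return "review"              # between the two versions the advisory names


# Constructed sample inventory (names and versions are illustrative).
INVENTORY = [
    ("lobby-dvr", "DS-7104HGHI-F1", "V4.30.122_201107"),
    ("dock-dvr", "DS-7204HGHI-F1", "V4.30.123_251114"),
    ("lab-dvr", "DS-7204HGHI-F1", "V4.30.122_210301"),
    ("old-dvr", "ds-7104hghi-f1", "V3.4.90_180510"),
    ("misc-dvr", "EXAMPLE-MODEL-X", "V4.30.122_201107"),
    ("odd-dvr", "DS-7104HGHI-F1", "4.30 build 122"),
]


def report(inventory):
    """Map each device name to its triage result."""
    return {name: triage(model, fw) for name, model, fw in inventory}


if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name:10s} {status}")
```

Devices reported as "review" carry a version the advisory does not classify, or one that does not parse, and need a manual check.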

Added: Dec 19, 2025, 7:24 AM
Updated: Dec 19, 2025, 7:24 AM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 7.5
exploitability: 3.8
remediation: 7.7
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.