CVE-2017-7923

Name: CVE-2017-7923
Creator: NVD / NIST
Published: 2017-05-06T00:29:00.38+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.33%

Last modified Jun 17, 2026

CVE-2017-7923 is a vulnerability of currently unknown severity. A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.. EPSS estimates a 2.33% chance of exploitation in the next 30 days.

Description

A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.

Metrics

EPSS Probability

2.33%

81.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Hikvision	Ds-2cd2032-I Firmware	All versions
Hikvision	Ds-2cd2112-I Firmware	All versions
Hikvision	Ds-2cd2132-I Firmware	All versions
Hikvision	Ds-2cd2212-I5 Firmware	All versions
Hikvision	Ds-2cd2232-I5 Firmware	All versions
Hikvision	Ds-2cd2312-I Firmware	All versions
Hikvision	Ds-2cd2332-I Firmware	All versions
Hikvision	Ds-2cd2412f-I\(W\) Firmware	All versions
Hikvision	Ds-2cd2432f-I\(W\) Firmware	All versions
Hikvision	Ds-2cd2512f-I\(S\) Firmware	All versions
Hikvision	Ds-2cd2532f-I\(S\) Firmware	All versions
Hikvision	Ds-2cd2612f-I\(S\) Firmware	All versions
Hikvision	Ds-2cd2632f-I\(S\) Firmware	All versions
Hikvision	Ds-2cd2712f-I\(S\) Firmware	All versions
Hikvision	Ds-2cd2732f-I\(S\) Firmware	All versions
Hikvision	Ds-2cd2t32-I3 Firmware	All versions
Hikvision	Ds-2cd2t32-I5 Firmware	All versions
Hikvision	Ds-2cd2t32-I8 Firmware	All versions
Hikvision	Ds-2cd4012f-\(A\) Firmware	All versions
Hikvision	Ds-2cd4012f-\(P\) Firmware	All versions
Hikvision	Ds-2cd4012f-\(W\) Firmware	All versions
Hikvision	Ds-2cd4012fwd-\(A\) Firmware	All versions
Hikvision	Ds-2cd4012fwd-\(P\) Firmware	All versions
Hikvision	Ds-2cd4012fwd-\(W\) Firmware	All versions
Hikvision	Ds-2cd4024f-\(A\) Firmware	All versions
Hikvision	Ds-2cd4024f-\(P\) Firmware	All versions
Hikvision	Ds-2cd4024f-\(W\) Firmware	All versions
Hikvision	Ds-2cd4032fwd-\(A\) Firmware	All versions
Hikvision	Ds-2cd4032fwd-\(P\) Firmware	All versions
Hikvision	Ds-2cd4032fwd-\(W\) Firmware	All versions
Hikvision	Ds-2cd4112f-I\(Z\) Firmware	All versions
Hikvision	Ds-2cd4112fwd-I\(Z\) Firmware	All versions
Hikvision	Ds-2cd4124f-I\(Z\) Firmware	All versions
Hikvision	Ds-2cd4132fwd-I\(Z\) Firmware	All versions
Hikvision	Ds-2cd4212f-I\(H\) Firmware	All versions
Hikvision	Ds-2cd4212f-I\(S\) Firmware	All versions
Hikvision	Ds-2cd4212f-I\(Z\) Firmware	All versions
Hikvision	Ds-2cd4212fwd-I\(H\) Firmware	All versions
Hikvision	Ds-2cd4212fwd-I\(S\) Firmware	All versions
Hikvision	Ds-2cd4212fwd-I\(Z\) Firmware	All versions
Hikvision	Ds-2cd4224f-I\(H\) Firmware	All versions
Hikvision	Ds-2cd4224f-I\(S\) Firmware	All versions
Hikvision	Ds-2cd4224f-I\(Z\) Firmware	All versions
Hikvision	Ds-2cd4232fwd-I\(H\) Firmware	All versions
Hikvision	Ds-2cd4232fwd-I\(S\) Firmware	All versions
Hikvision	Ds-2cd4232fwd-I\(Z\) Firmware	All versions
Hikvision	Ds-2cd4312f-I\(H\) Firmware	All versions
Hikvision	Ds-2cd4312f-I\(S\) Firmware	All versions
Hikvision	Ds-2cd4312f-I\(Z\) Firmware	All versions
Hikvision	Ds-2cd4324f-I\(H\) Firmware	All versions

Showing 50 of 58 affected configurations. See NVD for the full list.

References

http://www.hikvision.com/us/about_10807.htmlPatch, Vendor Advisory
http://www.securityfocus.com/bid/98313Third Party Advisory, VDB Entry
https://ghostbin.com/paste/q2vq2
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01Third Party Advisory, US Government Resource
http://www.hikvision.com/us/about_10807.htmlPatch, Vendor Advisory
http://www.securityfocus.com/bid/98313Third Party Advisory, VDB Entry
https://ghostbin.com/paste/q2vq2
https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01Third Party Advisory, US Government Resource
https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20170314/
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--privilege-escalating-vulnerability-in-cer/
https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/

Timeline

Published: May 6, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-7923?

How severe is CVE-2017-7923?

Severity scoring for CVE-2017-7923 is pending analysis. The EPSS model estimates a 2.33% probability of exploitation in the next 30 days.

How do I fix CVE-2017-7923?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-7923?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST