{"id":9834,"date":"2026-01-13T10:04:09","date_gmt":"2026-01-13T10:04:09","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/01\/13\/multiple-hikvision-vulnerabilities-let-attackers-cause-device-malfunction-using-crafted-packets\/"},"modified":"2026-01-13T10:04:09","modified_gmt":"2026-01-13T10:04:09","slug":"multiple-hikvision-vulnerabilities-let-attackers-cause-device-malfunction-using-crafted-packets","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/01\/13\/multiple-hikvision-vulnerabilities-let-attackers-cause-device-malfunction-using-crafted-packets\/","title":{"rendered":"Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets"},"content":{"rendered":"

Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Hikvision, a leading provider of surveillance and access control systems, faces serious security risks from two newly disclosed stack overflow vulnerabilities.<\/p>\n

These flaws, tracked as CVE-2025-66176 and CVE-2025-66177, allow attackers on the same local area network (LAN) to trigger device malfunctions by sending specially crafted packets. Both carry a high CVSS v3.1 base score of 8.8, indicating significant potential impact without requiring authentication.<\/p>\n

Security researchers uncovered these issues in Hikvision\u2019s device Search and Discovery feature, a protocol used for network detection.<\/p>\n

Exploitation demands only adjacent network access, such as shared Wi-Fi or office LANs, making it a prime target for insiders or opportunistic hackers. An unpatched device could crash entirely, disrupting critical operations in surveillance setups.<\/p>\n

\n\n\n\n\n\n\n
CVE ID<\/th>\nAffected Products<\/th>\nCVSS v3.1 Base Score<\/th>\nDescription<\/th>\n<\/tr>\n<\/thead>\n
CVE-2025-66176<\/td>\nPartial Access Control Series Products<\/td>\n8.8 (AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H)<\/td>\nStack overflow in Search and Discovery feature<\/td>\n<\/tr>\n
CVE-2025-66177<\/td>\nPartial NVR, DVR, CVR, IPC Series Products<\/td>\n8.8 (AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H)<\/td>\nStack overflow in Search and Discovery feature<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

The vector breakdown reveals low complexity: attackers need no privileges (PR:N) and no user interaction (UI:N), with high confidentiality, integrity, and availability impacts (C:H\/I:H\/A:H).<\/p>\n

CVE-2025-66176 was reported by a Cisco Talos Team member, while CVE-2025-66177 came from independent researchers Angel Lozano Alcazar and Pedro Guillen Nu\u00f1ez. Their disclosures underscore ongoing scrutiny of IoT and surveillance gear, where stack overflows have repeatedly enabled denial-of-service attacks.<\/p>\n

Hikvision urges<\/a> immediate patching. Users can download firmware updates from the official support page<\/a>. The company emphasizes network segmentation and disabling unused discovery features as interim mitigations.<\/p>\n

These flaws arrive amid heightened concerns over video surveillance security. Last year saw similar Hikvision advisories, prompting CISA alerts on supply chain risks. Organizations relying on these devices, from smart buildings to public safety, should prioritize scans using tools like Nmap for exposed services.<\/p>\n

Experts warn that unpatched systems could lead to broader incidents, such as surveillance blackouts during emergencies. \u201cLAN-adjacent attacks lower the bar for disruption,\u201d noted a Talos spokesperson. As threats evolve, vendors must accelerate zero-trust implementations in embedded systems.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Guru Baran
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets Hikvision, a leading provider of surveillance and access control systems, faces serious security risks from two newly disclosed stack overflow vulnerabilities. These flaws, tracked as CVE-2025-66176 and CVE-2025-66177, allow attackers on the same local area network (LAN) to trigger device malfunctions by sending specially […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-9834","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9834"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9834"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9834\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9834"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9834"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}