Login Sign Up

CVE-2017-7921

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to bypass authentication on affected Hikvision IP cameras and surveillance devices, potentially gaining unauthorized access to video feeds and device controls. It affects multiple Hikvision camera series with specific firmware versions, primarily those used in security and surveillance systems.

💻 Affected Systems

Products:
  • Hikvision DS-2CD2xx2F-I Series
  • DS-2CD2xx0F-I Series
  • DS-2CD2xx2FWD Series
  • DS-2CD4x2xFWD Series
  • DS-2CD4xx5 Series
  • DS-2DFx Series
  • DS-2CD63xx Series
Versions: V5.2.0 build 140721 to V5.4.5 Build 160928 depending on product series
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific firmware versions across multiple camera models; devices with default configurations are vulnerable.

📦 What is this software?

Ds 2cd2032 I Firmware by Hikvision

View all CVEs affecting Ds 2cd2032 I Firmware →

Ds 2cd2112 I Firmware by Hikvision

View all CVEs affecting Ds 2cd2112 I Firmware →

Ds 2cd2132 I Firmware by Hikvision

View all CVEs affecting Ds 2cd2132 I Firmware →

Ds 2cd2212 I5 Firmware by Hikvision

View all CVEs affecting Ds 2cd2212 I5 Firmware →

Ds 2cd2232 I5 Firmware by Hikvision

View all CVEs affecting Ds 2cd2232 I5 Firmware →

Ds 2cd2312 I Firmware by Hikvision

View all CVEs affecting Ds 2cd2312 I Firmware →

Ds 2cd2332 I Firmware by Hikvision

View all CVEs affecting Ds 2cd2332 I Firmware →

Ds 2cd2412f I\(w\) Firmware by Hikvision

View all CVEs affecting Ds 2cd2412f I\(w\) Firmware →

Ds 2cd2432f I\(w\) Firmware by Hikvision

View all CVEs affecting Ds 2cd2432f I\(w\) Firmware →

Ds 2cd2512f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd2512f I\(s\) Firmware →

Ds 2cd2532f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd2532f I\(s\) Firmware →

Ds 2cd2612f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd2612f I\(s\) Firmware →

Ds 2cd2632f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd2632f I\(s\) Firmware →

Ds 2cd2712f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd2712f I\(s\) Firmware →

Ds 2cd2732f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd2732f I\(s\) Firmware →

Ds 2cd2t32 I3 Firmware by Hikvision

View all CVEs affecting Ds 2cd2t32 I3 Firmware →

Ds 2cd2t32 I5 Firmware by Hikvision

View all CVEs affecting Ds 2cd2t32 I5 Firmware →

Ds 2cd2t32 I8 Firmware by Hikvision

View all CVEs affecting Ds 2cd2t32 I8 Firmware →

Ds 2cd4012f \(a\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4012f \(a\) Firmware →

Ds 2cd4012f \(p\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4012f \(p\) Firmware →

Ds 2cd4012f \(w\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4012f \(w\) Firmware →

Ds 2cd4012fwd \(a\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4012fwd \(a\) Firmware →

Ds 2cd4012fwd \(p\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4012fwd \(p\) Firmware →

Ds 2cd4012fwd \(w\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4012fwd \(w\) Firmware →

Ds 2cd4024f \(a\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4024f \(a\) Firmware →

Ds 2cd4024f \(p\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4024f \(p\) Firmware →

Ds 2cd4024f \(w\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4024f \(w\) Firmware →

Ds 2cd4032fwd \(a\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4032fwd \(a\) Firmware →

Ds 2cd4032fwd \(p\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4032fwd \(p\) Firmware →

Ds 2cd4032fwd \(w\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4032fwd \(w\) Firmware →

Ds 2cd4112f I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4112f I\(z\) Firmware →

Ds 2cd4112fwd I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4112fwd I\(z\) Firmware →

Ds 2cd4124f I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4124f I\(z\) Firmware →

Ds 2cd4132fwd I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4132fwd I\(z\) Firmware →

Ds 2cd4212f I\(h\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4212f I\(h\) Firmware →

Ds 2cd4212f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4212f I\(s\) Firmware →

Ds 2cd4212f I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4212f I\(z\) Firmware →

Ds 2cd4212fwd I\(h\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4212fwd I\(h\) Firmware →

Ds 2cd4212fwd I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4212fwd I\(s\) Firmware →

Ds 2cd4212fwd I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4212fwd I\(z\) Firmware →

Ds 2cd4224f I\(h\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4224f I\(h\) Firmware →

Ds 2cd4224f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4224f I\(s\) Firmware →

Ds 2cd4224f I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4224f I\(z\) Firmware →

Ds 2cd4232fwd I\(h\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4232fwd I\(h\) Firmware →

Ds 2cd4232fwd I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4232fwd I\(s\) Firmware →

Ds 2cd4232fwd I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4232fwd I\(z\) Firmware →

Ds 2cd4312f I\(h\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4312f I\(h\) Firmware →

Ds 2cd4312f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4312f I\(s\) Firmware →

Ds 2cd4312f I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4312f I\(z\) Firmware →

Ds 2cd4324f I\(h\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4324f I\(h\) Firmware →

Ds 2cd4324f I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4324f I\(s\) Firmware →

Ds 2cd4324f I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4324f I\(z\) Firmware →

Ds 2cd4332fwd I\(h\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4332fwd I\(h\) Firmware →

Ds 2cd4332fwd I\(s\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4332fwd I\(s\) Firmware →

Ds 2cd4332fwd I\(z\) Firmware by Hikvision

View all CVEs affecting Ds 2cd4332fwd I\(z\) Firmware →

Ds 2cd63xx Series Firmware by Hikvision

View all CVEs affecting Ds 2cd63xx Series Firmware →

Ds 2cd6412fwd Firmware by Hikvision

View all CVEs affecting Ds 2cd6412fwd Firmware →

Ds 2dfx Series Firmware by Hikvision

View all CVEs affecting Ds 2dfx Series Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of surveillance systems allowing unauthorized access to live video feeds, device reconfiguration, firmware modification, and potential use as network foothold for further attacks.

🟠

Likely Case

Unauthorized access to video streams and camera controls, potentially exposing sensitive surveillance footage and allowing camera manipulation.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, though authentication bypass remains possible within the segmented network.

🌐 Internet-Facing: HIGH - Directly exposed devices can be compromised without authentication, leading to surveillance system breaches.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to access surveillance systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to device web interface; tools and scripts are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware versions after the affected ranges (check specific product for exact fixed version)

Vendor Advisory: http://www.hikvision.com/us/about_10805.html

Restart Required: Yes

Instructions:

1. Identify exact camera model and current firmware version. 2. Download appropriate firmware update from Hikvision support portal. 3. Upload firmware via web interface or Hikvision tools. 4. Reboot camera after update completes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate cameras on separate VLAN with strict firewall rules preventing external access

Access Control Lists

all

Implement IP-based restrictions to limit which systems can access camera web interfaces

🧯 If You Can't Patch

  • Segment cameras on isolated network with no internet access
  • Implement strict firewall rules allowing only authorized management systems to access camera interfaces

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface at http://[camera-ip]/System/deviceInfo or using Hikvision tools; compare against affected version ranges.

Check Version:

curl -s http://[camera-ip]/System/deviceInfo | grep -i firmware

Verify Fix Applied:

Verify firmware version is outside affected ranges and test authentication requirements for web interface access.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to web interface
  • Multiple failed login attempts followed by successful access
  • Access from unexpected IP addresses

Network Indicators:

  • HTTP requests to camera web interface without authentication headers
  • Unusual traffic patterns to camera management ports

SIEM Query:

source="camera-logs" AND (event="authentication_bypass" OR (status=200 AND auth="none"))

📊 Metadata

CVE ID: CVE-2017-7921
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
Published: May 6, 2017
Last Updated: March 5, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2017-7921, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)