CVE-2025-45851
📋 TL;DR
This vulnerability allows unauthenticated attackers to cause a Denial of Service (DoS) on Hikvision DS-2CD1321-I cameras by sending a specially crafted POST request to the /ISAPI/Security/challenge endpoint. Affected systems are Hikvision IP cameras running vulnerable firmware versions, potentially disrupting video surveillance operations.
💻 Affected Systems
- Hikvision DS-2CD1321-I IP Camera
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Camera becomes completely unresponsive, requiring physical reboot or factory reset, causing extended surveillance downtime.
Likely Case
Camera service disruption for minutes to hours until automatic or manual restart occurs.
If Mitigated
No impact if cameras are patched or network controls prevent access to vulnerable endpoint.
🎯 Exploit Status
Simple HTTP POST request with crafted payload can trigger the DoS condition. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V5.7.23_SP2
Vendor Advisory: https://assets.hikvision.com/prd/public/all/files/202506/releasenote%5CNetwork_Camera-V5.7.23_SP2_Release_Note-E8.pdf
Restart Required: Yes
Instructions:
1. Download V5.7.23_SP2 firmware from Hikvision support site. 2. Access camera web interface. 3. Navigate to Configuration > System > Maintenance > Upgrade. 4. Upload firmware file. 5. Wait for automatic reboot.
🔧 Temporary Workarounds
Network Access Control
allBlock external access to camera management interface and restrict internal access to authorized systems only.
Endpoint Firewall Rules
allConfigure firewall to block access to /ISAPI/Security/challenge endpoint from untrusted networks.
🧯 If You Can't Patch
- Isolate cameras on separate VLAN with strict access controls
- Implement network monitoring for suspicious POST requests to /ISAPI/Security/challenge
🔍 How to Verify
Check if Vulnerable:
Check firmware version via web interface: Configuration > System > System Settings > Version. If version is V5.7.21 build 230819 or earlier, system is vulnerable.Check Version:
curl -s http://[CAMERA_IP]/ISAPI/System/deviceInfo | grep -i firmwareVerify Fix Applied:
After patching, verify firmware version shows V5.7.23_SP2 or later in the version information.📡 Detection & Monitoring
Log Indicators:
- Multiple failed POST requests to /ISAPI/Security/challenge
- Camera service restart logs
- Unusual traffic patterns to camera management interface
Network Indicators:
- HTTP POST requests to /ISAPI/Security/challenge with unusual payloads
- Sudden drop in camera network traffic followed by reboot
SIEM Query:
source="camera_logs" AND (uri="/ISAPI/Security/challenge" AND method="POST")