Published: 01/12/2017 Updated: 11/04/2024

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 294

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N

HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate malicious users to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product

Vulnerable Product	Search on Vulmon	Subscribe to Product
hikvision ds-2cd2432f-iw_firmware

HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no WiFi encryption or authentication Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi If a camera is deployed via wired ethernet, then the WiFi settings won't be adjusted, and a rogue AP with the SSID "davinci" c ...

CWE-311 http://seclists.org/fulldisclosure/2017/Nov/43 http://packetstormsecurity.com/files/145131/HikVision-Wi-Fi-IP-Camera-Wireless-Access-Point-State.html https://nvd.nist.gov https://packetstormsecurity.com/files/145131/HikVision-Wi-Fi-IP-Camera-Wireless-Access-Point-State.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-14953

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect