CVE-2025-66174

There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hikvision:ds-7104hghi-f1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-7104hghi-f1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:hikvision:ds-7204hghi-f1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hikvision:ds-7204hghi-f1:-:*:*:*:*:*:*:*

History

23 Dec 2025, 21:45

Type	Values Removed	Values Added
References	~~() https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/ -~~	() https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/ - Vendor Advisory
First Time		Hikvision ds-7104hghi-f1 Hikvision Hikvision ds-7104hghi-f1 Firmware Hikvision ds-7204hghi-f1 Firmware Hikvision ds-7204hghi-f1
CPE		cpe:2.3:h:hikvision:ds-7204hghi-f1:-:::::::* cpe:2.3:o:hikvision:ds-7104hghi-f1_firmware:::::::: cpe:2.3:o:hikvision:ds-7204hghi-f1_firmware:::::::: cpe:2.3:h:hikvision:ds-7104hghi-f1:-:::::::*

19 Dec 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-287

19 Dec 2025, 07:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-19 07:16

Updated : 2025-12-23 21:45

NVD link : CVE-2025-66174

Mitre link : CVE-2025-66174

CVE.ORG link : CVE-2025-66174

JSON object : View

Products Affected

hikvision

ds-7104hghi-f1_firmware
ds-7204hghi-f1_firmware
ds-7104hghi-f1
ds-7204hghi-f1

CWE

CWE-287

Improper Authentication

{"id": "CVE-2025-66174", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "hsrc@hikvision.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2025-12-19T07:16:01.817", "references": [{"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/", "tags": ["Vendor Advisory"], "source": "hsrc@hikvision.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands."}], "lastModified": "2025-12-23T21:45:04.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hikvision:ds-7104hghi-f1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E24B2885-8FBF-4738-8C7A-1C8DB3823EE5", "versionEndIncluding": "4.30.122_201107"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hikvision:ds-7104hghi-f1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8104E12A-CD97-4F8F-9A76-8CD308B9F98A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hikvision:ds-7204hghi-f1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DA771B5-1C67-4A32-90B2-A7E0E9C194F7", "versionEndIncluding": "4.30.122_201107"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hikvision:ds-7204hghi-f1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DF801EB-DDBF-44C6-84BB-9D903FEBEAC8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hsrc@hikvision.com"}