High-Severity Hikvision Vulnerabilities Allow Local Network Attacks on Surveillance Devices; Hikvision Urges Immediate Firmware Updates for Affected Systems

Hikvision has disclosed two high-severity vulnerabilities that allow local network attackers to crash surveillance devices without authentication, raising serious concerns around IoT security, video surveillance risks, and urgent firmware patching.

Hikvision, a widely used provider of video surveillance and access control systems, is facing fresh cybersecurity concerns after researchers discovered two serious security vulnerabilities affecting several of its devices. These newly identified flaws could allow attackers to disrupt surveillance systems without needing login credentials, raising risks for organizations that rely on these products for security.

The vulnerabilities are tracked as CVE-2025-66176 and CVE-2025-66177. Both issues are classified as stack overflow flaws and carry a high severity score of 8.8. They exist in Hikvision’s Search and Discovery feature, which helps devices find each other on a local network. If exploited, these flaws can cause affected devices to malfunction or crash completely.

What makes the problem more concerning is that an attacker only needs access to the same local area network (LAN) as the device. Internal building networks, public Wi-Fi, and shared office networks are a few examples. No username, password, or user interaction is required. An attacker could easily exploit the vulnerability by sending crafted network packets.

Certain access control devices, as well as several models of NVR, DVR, CVR, and IP cameras, are among those vulnerable. Researchers warn that unpatched devices may stop working unexpectedly, resulting in surveillance downtime. This might lead to major privacy violations in settings such as businesses, buildings, hospitals, and public spaces.

Security experts point out that local network attacks are especially dangerous because they lower the barrier for disruption. Insiders, compromised devices, or unauthorized users on the same network could exploit the flaws. Similar vulnerabilities in IoT and surveillance equipment have previously been used for denial-of-service attacks.

Hikvision has acknowledged the issue and advises users to apply the current firmware upgrades as soon as possible. The company has released patches through its official support channels. As a precautionary step, users should segment networks and disable unnecessary discovery services until the upgrades are installed.

Cybersecurity experts emphasize the importance of keeping monitoring systems up to date. Unpatched vulnerabilities can cause system disruptions at critical moments. Regular security scans, firmware updates, and network monitoring are still required to defend video surveillance systems against new cyber threats.

Information referenced in this article is from Cyber Security News