What is CVE-2014-4880?

CVE-2014-4880 is a vulnerability in Hikvision Dvr_ds-7204, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-12-08.

Is CVE-2014-4880 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Hikvision Dvr_ds-7204

CVE-2014-4880

Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.

Vulnerability class: Buffer Overflow

EPSS: 0.786 (99.1th percentile) — read the EPSS interpretation.

Affected products

Hikvision Dvr_ds-7204
Hikvision Dvr_ds-7204_firmware — versions 2.2.10
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

35356 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cret@cert.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-4880?: CVE-2014-4880 is a vulnerability in Hikvision Dvr_ds-7204, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-12-08.
Is CVE-2014-4880 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.