Auth bypass in Hikvision Cameras
CVE-2017-7921
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4…
Vulnerability class: Broken Authentication
EPSS: 0.942 (99.9th percentile) — read the EPSS interpretation.
Affected products
- N/a Hikvision Cameras — versions Hikvision Cameras
Weakness classification (CWE)
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
- chrisjd20/hikvision_CVE-2017-7921_auth_bypass_config_decryptor
- JrDw0/CVE-2017-7921-EXP
- K3ysTr0K3R/CVE-2017-7921-EXPLOIT
- BurnyMcDull/CVE-2017-7921
- voidsshadows/Hikvision-City-Hunter
- MisakaMikato/cve-2017-7921-golang
- 201646613/CVE-2017-7921
- Wyl-cmd/CVE-2017-7921-Research-Toolkit
- kooroshsanaei/HikVision-CVE-2017-7921
- aengussong/hikvision_probe
References
- ics-cert.us-cert.gov/advisories/ICSA-17-124-01 (x_refsource_MISC)
- 98313 (vdb-entry, x_refsource_BID)
- ghostbin.com/paste/q2vq2 (x_refsource_MISC)
- www.hikvision.com/us/about_10805.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2017-7921?
- CVE-2017-7921 is a vulnerability in Hikvision Cameras, classified under Improper Authentication. Published 2017-05-06.
- Is CVE-2017-7921 known to be exploited?
- Yes. CVE-2017-7921 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-03-05), indicating it is being actively exploited. 90 public proof-of-concept repositories are indexed.