CVE-2015-4409
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
13/03/2017
Last modified:
20/04/2025
Description
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:hikvision:ds-76xxx_series_firmware:*:*:*:*:*:*:*:* | 3.3.4 (including) | |
| cpe:2.3:h:hikvision:ds-7604ni-e1\/4p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hikvision:ds-7608ni-12\/8p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hikvision:ds-7608ni-e1\/8p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hikvision:ds-7616ni-12\/16p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hikvision:ds-7616ni-e2\/16p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hikvision:ds-77xxx_series_firmware:*:*:*:*:*:*:*:* | 3.3.4 (including) | |
| cpe:2.3:h:hikvision:ds-7716ni-14\/16p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hikvision:ds-7716ni-sp\/16:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page