CVE-2025-66176
Severity CVSS v4.0:
Pending analysis
Type:
CWE-121
Stack-based Buffer Overflow
Publication date:
13/01/2026
Last modified:
22/01/2026
Description
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:hikvision:ds-k1t331_firmware:*:*:*:*:*:*:*:* | 3.7.80 (excluding) | |
| cpe:2.3:h:hikvision:ds-k1t331:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hikvision:ds-k1t341a_firmware:*:*:*:*:*:*:*:* | 3.7.80 (excluding) | |
| cpe:2.3:h:hikvision:ds-k1t341a:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hikvision:ds-k1t341b_firmware:*:*:*:*:*:*:*:* | 3.7.80 (excluding) | |
| cpe:2.3:h:hikvision:ds-k1t341b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hikvision:ds-k1t671_firmware:*:*:*:*:*:*:*:* | 3.7.80 (excluding) | |
| cpe:2.3:h:hikvision:ds-k1t671:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hikvision:ds-k5671_firmware:*:*:*:*:*:*:*:* | 3.7.80 (excluding) | |
| cpe:2.3:h:hikvision:ds-k5671:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hikvision:ds-k1t672_firmware:*:*:*:*:*:*:*:* | 3.7.80 (excluding) | |
| cpe:2.3:h:hikvision:ds-k1t672:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hikvision:ds-k1t680_firmware:*:*:*:*:*:*:*:* | 3.7.80 (excluding) | |
| cpe:2.3:h:hikvision:ds-k1t680:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hikvision:ds-k1t981_firmware:*:*:*:*:*:*:*:* | 3.7.80 (excluding) |
To consult the complete list of CPE names with products and versions, see this page