theinfosecnews

CVE-2017-7921

CISA KEV

Published March 5, 2026 · Updated April 3, 2026

high

What This Means

# CVE-2017-7921: Hikvision Authentication Bypass

Hikvision cameras and NVRs fail to properly validate user credentials, allowing unauthenticated attackers to bypass authentication mechanisms and escalate privileges on affected devices. An attacker with network access can gain administrative control, access stored video footage, modify system settings, or pivot to connected infrastructure. Audit your network for Hikvision devices, apply available firmware patches immediately, isolate affected systems behind VLANs and firewall rules, and consider replacing end-of-life products that cannot be patched.

Official Description

Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information.

Affected Products

| Vendor | Product |
| --- | --- |
| Hikvision | Multiple Products |

Patch Status

Patch by 2026-03-26

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2017-7921.

Related Coverage

Vulnerability

CVE-2017-7921: Hikvision Authentication Bypass Gives Attackers Unauthenticated Privilege Escalation Across DVRs, NVRs, and IP Cameras

CVE-2017-7921 is an improper authentication vulnerability in multiple Hikvision DVRs, NVRs, and IP cameras that allows unauthenticated attackers to escalate privileges and access sensitive data over the network without valid credentials. CISA has mandated federal agency remediation by March 26, 2026, confirming active exploitation in the wild. Organizations should apply Hikvision firmware patches immediately, isolate management interfaces behind VPN, and audit all Hikvision devices for default credentials.

CISA KEV · 29d ago · 3 min read