Back to KEVs

CVE-2017-7921

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 18, 2017
Published Date
May 06, 2017
Last Updated
March 05, 2026
Vendor
n/a
Product
Hikvision Cameras
Description
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
Tags
cisa nuclei_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2026-06-01 13:30:35 UTC) Source
Proof of Concept Available
Yes (added 2020-04-27 11:49:40 UTC) Source

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 http://www.securityfocus.com/bid/98313 https://ghostbin.com/paste/q2vq2 http://www.hikvision.com/us/about_10805.html

Known Exploited Vulnerability Information

Source Added Date
CVE 2026-06-01 11:37:59 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-7921.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

kooroshsanaei/HikVision-CVE-2017-7921

Type: github • Created: 2024-07-02 11:47:35 UTC • Stars: 5

Test For CVE-2017–7921;

b3pwn3d/CVE-2017-7921

Type: github • Created: 2023-11-20 18:44:13 UTC • Stars: 0

fracergu/CVE-2017-7921

Type: github • Created: 2023-08-27 17:29:48 UTC • Stars: 1

CVE-2017-7921 exploit. Allows admin password retrieval and automatic snapshot download.

K3ysTr0K3R/CVE-2017-7921-EXPLOIT

Type: github • Created: 2023-07-24 14:48:38 UTC • Stars: 21

A PoC exploit for CVE-2017-7921 - Hikvision Camera Series Improper Authentication Vulnerability.

inj3ction/CVE-2017-7921-EXP

Type: github • Created: 2022-10-19 13:48:49 UTC • Stars: 0

201646613/CVE-2017-7921

Type: github • Created: 2022-07-20 07:07:07 UTC • Stars: 6

CVE-2017-7921-EXP Hikvision camera

p4tq/hikvision_CVE-2017-7921_auth_bypass_config_decryptor

Type: github • Created: 2022-06-15 03:49:05 UTC • Stars: 0

chrisjd20/hikvision_CVE-2017-7921_auth_bypass_config_decryptor

Type: github • Created: 2021-01-29 16:08:35 UTC • Stars: 102

This python file will decrypt the configurationFile used by hikvision cameras vulnerable to CVE-2017-7921.

BurnyMcDull/CVE-2017-7921

Type: github • Created: 2020-11-12 09:02:10 UTC • Stars: 36

海康威视未授权访问检测poc及口令爆破

JrDw0/CVE-2017-7921-EXP

Type: github • Created: 2020-04-27 11:49:40 UTC • Stars: 90

Hikvision camera CVE-2017-7921-EXP

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel