Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets

Jennifer Sherman
January 13, 2026

Two newly disclosed stack overflow vulnerabilities present serious security risks for Hikvision, a leading provider of surveillance and access control systems.

These flaws, tracked as CVE-2025-66176 and CVE-2025-66177, allow attackers on the same local area network (LAN) to trigger device malfunctions by sending specially crafted packets. Both carry a high CVSS v3.1 base score of 8.8, indicating significant potential impact without requiring authentication.

Security researchers uncovered these issues in Hikvision’s device Search and Discovery feature, a protocol used for network detection.

Exploitation demands only adjacent network access, such as shared Wi-Fi or office LANs, making it a prime target for insiders or opportunistic hackers. An unpatched device could crash entirely, disrupting critical operations in surveillance setups.

| CVE ID | Affected Products | CVSS v3.1 Base Score | Description |
|---|---|---|---|
| CVE-2025-66176 | Partial Access Control Series Products | 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) | Stack overflow in Search and Discovery feature |
| CVE-2025-66177 | Partial NVR, DVR, CVR, IPC Series Products | 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) | Stack overflow in Search and Discovery feature |

The vector breakdown shows low attack complexity (AC:L) from an adjacent network (AV:A): attackers need no privileges (PR:N) and no user interaction (UI:N), with high confidentiality, integrity, and availability impacts (C:H/I:H/A:H).

CVE-2025-66176 was reported by a Cisco Talos Team member, while CVE-2025-66177 came from independent researchers Angel Lozano Alcazar and Pedro Guillen Nuñez. Their disclosures underscore ongoing scrutiny of IoT and surveillance gear, where stack overflows have repeatedly enabled denial-of-service attacks.

Hikvision urges immediate patching. Users can download firmware updates from the official support page. The company emphasizes network segmentation and disabling unused discovery features as interim mitigations.

These flaws arrive amid heightened concerns over video surveillance security. Last year saw similar Hikvision advisories, prompting CISA alerts on supply chain risks. Organizations relying on these devices, from smart buildings to public safety, should prioritize scans using tools like Nmap for exposed services.

Experts warn that unpatched systems could lead to broader incidents, such as surveillance blackouts during emergencies. “LAN-adjacent attacks lower the bar for disruption,” noted a Talos spokesperson. As threats evolve, vendors must accelerate zero-trust implementations in embedded systems.
