CVE-2025-66173: Vulnerability in Hikvision DS-7104HGHI-F1
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.
AI Analysis
Technical Summary
CVE-2025-66173 identifies a privilege escalation vulnerability in the Hikvision DS-7104HGHI-F1 digital video recorder (DVR) product line. The root cause is an improper authentication mechanism on the device's serial port interface. Specifically, the device fails to enforce adequate authentication controls when accessed via the serial port, allowing an attacker with physical access to bypass normal security restrictions. By connecting directly to the serial port, an attacker can obtain an unrestricted shell environment, effectively gaining full control over the device's operating system and functions. This can lead to unauthorized access to video feeds, manipulation or deletion of recordings, and potentially pivoting to other networked systems. The vulnerability affects firmware versions up to and including V4.30.122_201107. The CVSS 3.1 score is 6.2 (medium severity), reflecting that exploitation requires physical access (AV:P), low attack complexity (AC:L), high privileges (PR:H), no user interaction (UI:N), and impacts confidentiality, integrity, and availability (all high). No patches or exploits are currently publicly available, but the vulnerability is published and should be addressed proactively. The CWE classification is CWE-269, indicating improper privilege management. This vulnerability is particularly concerning for environments where physical security of devices is not guaranteed, such as public or semi-public locations.
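The affected-version bound stated above can be turned into a triage check over a device inventory. This is an added example, not code from Hikvision or from this database; the version-string layout, the use of the build suffix as a tie-breaker, the status names and the inventory rows are assumptions constructed for illustration.

```python
import re

# Values taken from the advisory text.
AFFECTED_MODEL = "DS-7104HGHI-F1"
LAST_AFFECTED = "V4.30.122_201107"

# Assumed layout: V<major>.<minor>.<patch>_<build>, with a six-digit build
# stamp. The advisory does not define the format, so anything else is "review".
_VERSION_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)_(\d{6})$")


def parse_version(text):
    """Return (major, minor, patch, build) or None if the string does not match."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(model, firmware):
    """Classify one row: 'affected', 'not-affected', 'out-of-scope' or 'review'."""
    # 'out-of-scope' only means "not the model named on this page"; the
    # advisory says "some Hikvision DVR products", so other models may be affected.
    if model.strip().upper() != AFFECTED_MODEL:
        return "out-of-scope"
    version = parse_version(firmware)
    if version is None:
        return "review"  # unknown format: never assume the device is safe
    # Assumption: the build stamp breaks ties between equal version numbers.
    return "affected" if version <= parse_version(LAST_AFFECTED) else "not-affected"


# Constructed inventory rows (hostname, model, firmware), not real devices.
# "V4.30.130_210301" and "EXAMPLE-NVR-01" are hypothetical placeholders.
SAMPLE_INVENTORY = [
    ("dvr-lobby", "DS-7104HGHI-F1", "V4.30.122_201107"),
    ("dvr-dock", "DS-7104HGHI-F1", "V4.30.005_200101"),
    ("dvr-lab", "DS-7104HGHI-F1", "V4.30.130_210301"),
    ("dvr-gate", "DS-7104HGHI-F1", "4.30 build 2011"),
    ("nvr-roof", "EXAMPLE-NVR-01", "V4.30.122_201107"),
]


def triage_inventory(rows):
    """Map each hostname to its triage status."""
    return {host: triage(model, fw) for host, model, fw in rows}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Rows marked "affected" or "review" are the ones to prioritize for the physical-access and network-segmentation controls while no fixed firmware is available.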
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for those relying on Hikvision DS-7104HGHI-F1 DVRs in security and surveillance roles. Unauthorized shell access allows attackers to manipulate video surveillance data, potentially erasing evidence or disabling monitoring capabilities, which undermines physical security and incident response. Confidentiality of video feeds can be compromised, exposing sensitive information. Integrity and availability of the device and recorded data are at risk, potentially disrupting security operations. Organizations in critical infrastructure sectors, transportation, government facilities, and large enterprises using these devices are particularly vulnerable. The requirement for physical access limits remote exploitation but does not eliminate risk in environments where devices are accessible to unauthorized personnel. This vulnerability could also facilitate lateral movement within a network if the DVR is connected to internal systems. The absence of known exploits reduces immediate risk but does not preclude targeted attacks or insider threats.
Mitigation Recommendations
1. Physically secure all Hikvision DS-7104HGHI-F1 devices to prevent unauthorized access to serial ports, including locking enclosures and restricting access to authorized personnel only.
2. Monitor and audit physical access logs and surveillance device locations regularly to detect unauthorized presence.
3. Apply firmware updates or patches from Hikvision as soon as they become available to address this vulnerability.
4. If firmware updates are not yet available, consider isolating affected devices on segmented networks with strict access controls to limit potential lateral movement.
5. Disable or restrict serial port access where possible, or implement additional physical or logical controls to prevent unauthorized connections.
6. Employ network monitoring to detect unusual activity originating from DVR devices that could indicate compromise.
7. Incorporate this vulnerability into risk assessments and incident response plans, emphasizing physical security controls.
8. Engage with Hikvision support or authorized vendors for guidance on interim mitigations and future patch timelines.
Affected Countries
Germany, France, Italy, Spain, United Kingdom, Netherlands, Belgium, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: hikvision
- Date Reserved: 2025-11-24T08:59:35.902Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6944f80919341fe18889df1c
Added to database: 12/19/2025, 7:00:25 AM
Last enriched: 12/26/2025, 8:04:50 AM
Last updated: 2/7/2026, 3:38:54 PM