THE Known Exploited Vulnerabilities (KEV) catalog lists CVE-2017-7921 as a Hikvision vulnerability affecting multiple products described as an Improper Authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. The entry notes aRelated CWE: CWE-287 and states that it is Unknown whether it is Known To Be Used in Ransomware Campaigns. Date Added is 5 March 2026 with a Due Date of 26 March 2026.
The recommended action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. This item appears under the Hikvision vendor/project listing in the KEV catalog, which serves as an input to vulnerability management prioritization for defenders. Additional notes include links to Hikvision support notices and the NVD entry for CVE-2017-7921.