
Zero-click Hikvision Cameras RCE Flaw (CVE-2021-36260)


31 AUG 2022

BACKGROUND

More than 80,000 Hikvision cameras have been found exposed on the public Internet and vulnerable to exploitation. Hikvision fixed these vulnerabilities last year; however, many cameras have still not been updated to the latest firmware and so remain unfixed. Hikvision has released four further firmware fixes since the first one. Any attacker with modest skill can use the vulnerability to infect these cameras, spy through them, or enlist them in a botnet to launch attacks. Account passwords for these cameras are being sold by hackers, and these passwords can be used to remotely connect to and control the cameras.



IMPACT

  • Attackers can gain access to the devices and potentially even launch a physical attack.
  • The compromised devices can be used either for "botnetting" or for lateral movement.
  • Attackers can exploit the vulnerability to launch a command injection attack by sending messages containing malicious commands.


AFFECTED VERSIONS

Please install the updates immediately if your device firmware version is dated earlier than 210628 (28 June 2021).

Information on affected versions and resolved versions can be found at the link below:

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-commandinjection-vulnerability-in-some-hikvision-products/security-notification-command-injectionvulnerability-in-some-hikvision-products/
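The advisory's patch criterion is a firmware build date: anything dated earlier than 210628 needs updating. The following added example (not from the advisory or from Hikvision) shows how an operator can turn that criterion into a triage of a device inventory. It assumes that the firmware version strings collected from the devices carry a six-digit YYMMDD build date in the form "V5.x.y build YYMMDD"; the parser, the helper names and the sample inventory are constructed for illustration.

```python
import re
from datetime import date

# Firmware build date before which a device is considered unpatched (from the advisory).
PATCH_BUILD_DATE = date(2021, 6, 28)  # build string "210628"

# Assumption: version strings look like "V5.5.82 build 190220" with a YYMMDD build date.
# This regex is a hypothetical parser written for this example, not vendor code.
_BUILD_RE = re.compile(r"build\s*(\d{6})", re.IGNORECASE)


def parse_build_date(firmware: str):
    """Return the build date embedded in a firmware version string, or None if absent/invalid."""
    m = _BUILD_RE.search(firmware)
    if not m:
        return None
    yymmdd = m.group(1)
    try:
        return date(2000 + int(yymmdd[:2]), int(yymmdd[2:4]), int(yymmdd[4:6]))
    except ValueError:
        return None  # e.g. "build 211332" is not a calendar date; treat as unknown


def is_unpatched(firmware: str):
    """True if the build date is earlier than 210628, False if not, None if it cannot be determined."""
    built = parse_build_date(firmware)
    if built is None:
        return None
    return built < PATCH_BUILD_DATE


def triage(inventory):
    """Group an inventory {hostname: firmware string} into unpatched / patched / unknown buckets.

    Devices whose firmware string cannot be parsed land in 'unknown' so they are
    reviewed by hand rather than silently treated as patched.
    """
    result = {"unpatched": [], "patched": [], "unknown": []}
    for host, fw in sorted(inventory.items()):
        state = is_unpatched(fw)
        key = "unknown" if state is None else ("unpatched" if state else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory; hostnames and version strings are made up for this example.
SAMPLE_INVENTORY = {
    "cam-lobby": "V5.5.82 build 190220",           # older than 210628 -> unpatched
    "cam-dock": "V5.6.3 build 210628",             # exactly 210628 -> patched
    "cam-gate": "V5.7.3 build 220315",             # newer -> patched
    "cam-yard": "firmware string unavailable",     # no build date -> unknown
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Devices with an unparseable version string are deliberately reported as unknown rather than patched, since a check that fails open would hide exactly the devices most likely to have been forgotten.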


RECOMMENDATIONS