31 AUG 2022
More than 80,000 Hikvision cameras have been discovered to be vulnerable to exploitation and exposed on the public Internet. These vulnerabilities were fixed by Hikvision last year, however there are still cameras that have not been updated with the latest firmware thus remain unfixed. Hikvision has released four repair firmware since the first repair. Any hacker with a little skill can use the vulnerability to infect these cameras or monitor or use it to expand the botnet to launch attacks, etc. The account passwords of these cameras are being sold by hackers, and these passwords can be used to remotely connect and control the cameras.
Any hacker with a little skill can use the vulnerability to infect these cameras or monitor or use it to expand the botnet to launch attacks, etc. The account passwords of these cameras are being sold by hackers, and these passwords can be used to remotely connect and control the cameras.
- Attackers can gain access to devices and potentially even launch a physical attack.
- It can be used either for "botnetting" or lateral movement.
- Attackers can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
Please install the updates immediately if your device firmware version is dated earlier than 210628 (28 June 2021).
Information of affected versions and resolved versions can be found at the link below:
- Rename the default admin account and set a new admin password.
- Use a strong password or passphrase and change it regularly. Best practice is to change the password every 3 to 6 months.
- Keep camera devices only on a local network.
- Enable multi-factor authentication for devices to prevent unauthorized access to accounts.
- If the camera is wirelessly capable, turn on WPA2 Encryption to prevent eavesdroppers from connecting or accessing video feeds.
- Keep your software up to date. Install the latest available firmware update (https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notificationcommand-injection-vulnerability-in-some-hikvision-products/security-notification-commandinjection-vulnerability-in-some-hikvision-products/)
- Be sure to always backup video footage.
- Isolate the IoT network from critical assets using a firewall or VLAN.