More than 80,000 HikVision surveillance cameras exploitable

[German]Security researchers have found more than 80,000 surveillance cameras from HikVision that are exploitable and reachable via the Internet. Attackers could take over these systems at any time through a code injection vulnerability. HikVision already published a firmware update closing this vulnerability in September 2021 – which evidently has not been installed everywhere.


I came across this via the following tweet from the colleagues at Bleeping Computer. In this article, Cyfirma discloses the details. 

HikVision cameras exploitable

In a nutshell: Security researchers have discovered over 80,000 compromisable Hikvision cameras. A critical command injection vulnerability allows the cameras to be taken over via specially crafted messages sent to the vulnerable web server on the device.

Vulnerability CVE-2021-36260 was fixed by Hikvision in September 2021 via a firmware update (see also Vulnerability in 100 million IP cameras from Hikvision and OEMs). As early as December 2021, there were targeted attacks by the Mirai variant Moobot on unpatched camera systems – I reported on this in the post Mirai Botnet Moobot targets Hikvision camera systems.

That did not bother many operators of these systems, though. According to a whitepaper published by CYFIRMA, systems used by 2,300 organizations in 100 countries have still not received the security update. After analyzing 285,000 Internet-connected Hikvision web servers, the cybersecurity firm found about 80,000 systems still vulnerable to attack.


Most of these are located in China and the United States, while Vietnam, the United Kingdom, Ukraine, Thailand, South Africa, France, the Netherlands and Romania each have more than 2,000 vulnerable endpoints.

Also weak passwords

In addition, there is a second problem: weak passwords. This arises because users, for convenience, do not set strong passwords or do not change the default passwords shipped with the device during setup. Bleeping Computer has discovered several lists of credentials for live video feeds from Hikvision cameras on clearnet hacking forums, some of which are even offered for free.

Hikvision IP cameras

Vendor Hikvision offers a range of surveillance camera systems whose firmware runs a web server that is then exposed to the Internet. Hikvision camera systems are also sold by many OEMs under their own names.

Hikvision camera systems

Similar articles:
Vulnerability in 100 million IP cameras from Hikvision and OEMs
Botnet Moobot targets Hikvision camera systems
