{"id":21458,"date":"2021-09-23T11:10:38","date_gmt":"2021-09-23T09:10:38","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=21458"},"modified":"2021-09-23T11:25:35","modified_gmt":"2021-09-23T09:25:35","slug":"schwachstelle-in-100-millionen-ip-kameras-von-hikvision-und-clones","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/09\/23\/schwachstelle-in-100-millionen-ip-kameras-von-hikvision-und-clones\/","title":{"rendered":"Vulnerability in 100 million IP cameras from Hikvision and OEMs"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2021\/09\/23\/schwachstelle-in-100-millionen-ip-kameras-von-hikvision-und-clones\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]A command injection vulnerability exists in the web server of some Hikvision products due to insufficient input validation. Unauthorized persons could send messages with malicious commands to the web server via this vulnerability. The manufacturer has provided a firmware update to close this vulnerability. OEMs such as ABUS and TRENDnet are also affected.<\/p>\n<p><!--more--><\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Hikvision\" target=\"_blank\" rel=\"noopener\">Hikvision<\/a> was founded in 2001 and is a Chinese provider of video surveillance products and solutions that had 42,685 employees in 2021. Its turnover is now several billion euros, and its security cameras are also widely used in Germany. In addition, Hikvision cameras are sold by many OEMs. 
<\/p>\n<p>In 2019, it became known that the company had advertised a security camera as being able to detect ethnic minorities, such as Uyghurs. After critical inquiries regarding Chinese human rights violations against Uyghurs, the company deleted the product page.<\/p>\n<p><a href=\"https:\/\/twitter.com\/DG3FBL\/status\/1440600795628523520\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Hikvision Sicherheitsl&uuml;cke\" alt=\"Hikvision Sicherheitsl&uuml;cke\" src=\"https:\/\/i.imgur.com\/c8vLLSt.png\"><\/a><\/p>\n<p>On Twitter, DG3FBL informed me about the current vulnerability <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-36260\" target=\"_blank\" rel=\"noopener\">CVE-2021-36260<\/a> in the Hikvision firmware via the above <a href=\"https:\/\/twitter.com\/DG3FBL\/status\/1440600795628523520\" target=\"_blank\" rel=\"noopener\">tweet<\/a>. The vulnerability is likely to affect 100 million cameras from Hikvision and about 90 OEMs. The vulnerability is rated CVSS 9.8, so it is critical, and people who use the products to monitor premises should act promptly.<\/p>\n<p>In its security advisory <a href=\"https:\/\/www.hikvision.com\/de\/support\/cybersecurity\/security-advisory\/security-notification-command-injection-vulnerability-in-some-hikvision-products\/\" target=\"_blank\" rel=\"noopener\">HSRC-202109-01<\/a>, dated September 19, 2021, Hikvision only states that a command injection vulnerability exists in the web server of some Hikvision products. Due to insufficient input validation, attackers can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.<\/p>\n<p>The vulnerability was first discovered and reported in June 2021 by security specialists from <a href=\"https:\/\/watchfulip.github.io\/2021\/09\/18\/Hikvision-IP-Camera-Unauthenticated-RCE.html\" target=\"_blank\" rel=\"noopener\">Watchful IP<\/a>. 
All camera models listed in security advisory <a href=\"https:\/\/www.hikvision.com\/de\/support\/cybersecurity\/security-advisory\/security-notification-command-injection-vulnerability-in-some-hikvision-products\/\" target=\"_blank\" rel=\"noopener\">HSRC-202109-01<\/a>, dated September 19, 2021, that are accessible from the Internet via port forwarding have this vulnerability in the older firmware versions. Attackers could then gain full control over these cameras. <\/p>\n<p>Watchful IP states that even firmware from 2016 was tested and found to be vulnerable. Only access to the http(s) server port (usually 80\/443) is required. No username or password is required, nor does the camera owner need to perform any actions. The attack cannot be detected by logging on the camera itself. A list of affected camera models and firmware versions can be found <a href=\"https:\/\/watchfulip.github.io\/2021\/09\/18\/Hikvision-IP-Camera-Unauthenticated-RCE.html\" target=\"_blank\" rel=\"noopener\">within the Watchful IP article<\/a>, and the patched versions of the firmware are listed in security advisory <a href=\"https:\/\/www.hikvision.com\/de\/support\/cybersecurity\/security-advisory\/security-notification-command-injection-vulnerability-in-some-hikvision-products\/\" target=\"_blank\" rel=\"noopener\">HSRC-202109-01<\/a>. Another report on the topic is available <a href=\"https:\/\/ipvm.com\/reports\/hikvision-36260\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A command injection vulnerability exists in the web server of some Hikvision products due to insufficient input validation. Unauthorized persons could send messages with malicious commands to the web server via this vulnerability. 
The manufacturer has provided a firmware update &hellip; <a href=\"https:\/\/borncity.com\/win\/2021\/09\/23\/schwachstelle-in-100-millionen-ip-kameras-von-hikvision-und-clones\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,580,1547],"tags":[544,475,69],"class_list":["post-21458","post","type-post","status-publish","format-standard","hentry","category-devices","category-security","category-software","tag-camera","tag-iot","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=21458"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/21458\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=21458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=21458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=21458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}