10.29.2021

Action Requested- Hikvision IP Camera Vulnerability

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 10/29/2021

Action Level - Critical

Description

MCNC would like to make you aware of a Hikvision IP camera vulnerability affecting the most recent software release, as well as code and products dating back to 2016. Once an attack is successful, complete control of the Hikvision device is gained and lateral movement inside your network is possible. Further an attacker is capable of creating their own user accounts on this device with unrestricted access to the device.

Affected Device

Numerous Hikvision IP Camera products, the extensive list is on their website, linked here.

Attack Vector

The attacker needs network access. Your webcams were discovered, for this article, by scraping publicly available data sources.

Attack Feasibility

This attack hasn’t been fully revealed as the security researcher is giving the community time to patch, it is indicated that this could end up packaged and sold to criminals.

Mitigations

Patches/upgrades are available on the vendor website, download and install these patches.

Explore the need to permit external access to webcams. Webcams that are publicly available are popular targets and a compromised webcam could permit that video feed being freely available.

Remediation

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC