Critical vulnerability in certain Hikvision products, IP cameras

Australian Cyber Security Centre

Background / What has happened?

A vulnerability (CVE-2021-36260) has been identified in the web server component of certain Hikvision products. Hikvision is a popular manufacturer of internet protocol (IP) cameras sold under the Hikvision brand.

This vulnerability could allow a cyber actor to take full control of the vulnerable device. The cyber actor could then use the device's own functionality (for example, its video feed and configuration) or pivot to other devices on the same network in order to steal information or install malware.

To exploit this vulnerability a cyber actor needs only network access to the web server exposed by the Hikvision device, either over the internet or over a local network such as a WiFi network; no valid credentials are required. These products are commonly exposed directly to the internet to allow remote monitoring or administration, which makes them reachable by any internet-wide scanner.

A listing of affected Hikvision products is available from the Hikvision security advisory.

It is possible that other device manufacturers utilise Hikvision hardware and firmware in products sold under their own brand (white-labelled devices). The ACSC recommends monitoring individual vendors' websites for relevant security advisories.

Mitigation / How do I stay secure?

Australian owners of Hikvision products should consult the Hikvision security advisory and apply an appropriate firmware update if required.

As part of cyber security best practice, Australian owners should, wherever possible, prevent such devices from being reached directly from the internet. Where remote viewing or administration is required, place the device behind a VPN or restrict access at the perimeter firewall to a small set of trusted source addresses, and verify from outside the network that the device's web interface no longer answers.
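One way to verify that the mitigation above has taken effect is to probe each camera's web port from a vantage point outside the network and report any device that still answers. The script below is an added example written for this page, not ACSC or Hikvision code; the device names, addresses and port list are constructed sample data, and the "fake camera" is just a local listening socket so the script can be run offline. Probe only devices you own or are authorised to test.

```python
import socket
from dataclasses import dataclass


@dataclass
class Device:
    """One camera from your inventory (constructed sample data, not a real device)."""
    name: str
    host: str
    ports: tuple  # web ports to probe, e.g. (80, 443)


def web_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port succeeds from this machine.

    A completed TCP handshake is enough to show the web server is reachable;
    nothing is sent to the device.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def exposed_devices(devices, timeout: float = 2.0) -> dict:
    """Map device name -> list of web ports that answered from this vantage point.

    Devices with no open web port are omitted, so an empty dict means nothing
    in the inventory is reachable from where the script was run.
    """
    result = {}
    for dev in devices:
        open_ports = [p for p in dev.ports if web_port_open(dev.host, p, timeout)]
        if open_ports:
            result[dev.name] = open_ports
    return result


def start_fake_camera():
    """Stand-in for an exposed camera: a listening socket on an ephemeral port.

    The kernel completes handshakes into the backlog, so no accept() loop is needed.
    Returns (socket, port); close the socket when done.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_port() -> int:
    """Return a port that is currently closed on loopback (bind, read, release)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, cam_port = start_fake_camera()   # simulates a camera still answering
    closed = free_port()                  # simulates a camera now blocked
    inventory = [                         # constructed sample inventory
        Device("front-door", "127.0.0.1", (cam_port,)),
        Device("loading-bay", "127.0.0.1", (closed,)),
    ]
    for name, ports in exposed_devices(inventory).items():
        print(f"{name}: web interface reachable on {ports}")
    srv.close()
```

Run it from a host outside the network (for example a cloud VM or a mobile connection) against the cameras' public addresses; from inside the LAN every camera will answer, which tells you nothing about internet exposure. A device listed in the output is still reachable and needs its firewall or port-forwarding rule fixed. A successful TCP connection does not by itself prove the device is vulnerable; it shows only that the attack surface described in this advisory is exposed.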

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.
