Hikvision IP camera/NVR firmware vulnerability
This blog contains information regarding Hikvision IP camera/NVR firmware vulnerability. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

T-Update
Update October 29, 2021
15:00 | The majority of Hikvision cameras are susceptible to a critical unauthenticated remote code execution vulnerability. This permits an attacker to gain full control of the device.
A firmware update was made available on the 19th of September, fixing the vulnerability. However, an increase in public attention was noticed, due to a proof of concept being publicly released. This will increase the likelihood of the vulnerability actively being exploited in the wild.
Hikvision camera systems are also sold under different brands. These systems may use the same firmware and are therefore potentially also vulnerable. No details regarding these products are available. It is advised to check for updates for your camera system.
Our advice is to check if any of your products are listed and apply the required firmware update as soon as possible. If the camera systems can’t be updated, it’s recommended to limit inbound network connections.
Background
The vulnerability has a CVSS score of 9.8. The CVSS scale ranges from 0 to 10. A score of 9.8 or higher is rare and typically indicates a high probability of exploitation with significant impact. Due to the vulnerability, an attacker can add a line to the /etc/passwd file via a vulnerability likely present in a web component of the camera. This allows the attacker to create their own user account, with full privileges and a shell of their choice. Camera systems whose interface is exposed to attackers (for example, by being directly connected to the internet) are vulnerable. Hikvision has released a firmware update to address the vulnerability. It is recommended to install the firmware update as soon as possible. This vulnerability needs to be patched immediately, as a proof-of-concept has been released. Hikvision has published an article listing the affected products and versions. The advice is to check if these products are in use and then install the available firmware update promptly.
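As an added illustration (not code from the original post or from Hikvision), a small defender-side check for the artifact described above: an attacker-appended /etc/passwd entry that grants UID 0 and a login shell. The sample passwd content and the set of shells treated as interactive are constructed assumptions, not taken from a real camera image.

```python
"""Audit an /etc/passwd-style file for entries of the kind an attacker would
leave behind after exploiting CVE-2021-36260: an extra account with UID 0
and/or a login shell on a device where only root should have one."""
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a minimal embedded-device passwd with one appended rogue line.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
backdoor:x:0:0::/root:/bin/sh
"""

# Shells that give an interactive login on a BusyBox-style image (assumption).
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/ash", "/bin/bash"}


@dataclass
class Finding:
    line_no: int
    user: str
    reasons: List[str] = field(default_factory=list)


def audit_passwd(text: str, expected_root_users=("root",)) -> List[Finding]:
    """Return one Finding per suspicious passwd line (empty list if clean)."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = raw.split(":")
        if len(fields) != 7:  # name:pw:uid:gid:gecos:home:shell
            findings.append(Finding(n, raw, ["malformed entry: expected 7 colon-separated fields"]))
            continue
        user, _pw, uid, _gid, _gecos, _home, shell = fields
        reasons = []
        if not uid.isdigit():
            reasons.append(f"non-numeric uid {uid!r}")
        elif int(uid) == 0 and user not in expected_root_users:
            reasons.append("uid 0 but not an expected root user")
        if shell in INTERACTIVE_SHELLS and user not in expected_root_users:
            reasons.append(f"interactive shell {shell} on a non-root account")
        if reasons:
            findings.append(Finding(n, user, reasons))
    return findings


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"line {f.line_no} user={f.user}: " + "; ".join(f.reasons))
```

On a real device the same check would be run over a copy of /etc/passwd pulled from the camera's filesystem or a firmware image, with the expected account list adjusted to that image.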
Risk
The vulnerability CVE-2021-36260 allows a remote attacker to gain full control over the camera. The main risk is the camera being used as a stepping stone into gaining access to the rest of the IT infrastructure. Additionally, the camera(s) can be used in a botnet or to watch physical locations.
Advice
Hikvision has published a firmware update to resolve the vulnerability. It’s recommended to install the firmware update as soon as possible. This is a patch-now vulnerability, as a proof of concept has been released.
