Serious vulnerability puts Hikvision cameras under control

Hikvision Cameras Affected by Critical Failure

This security flaw affects the firmware of Hikvision IP cameras, both recent and older. The researchers found that it affects the most recent firmware version, released on June 21st, as well as other models running firmware versions dating back to 2016.

The vulnerability does not only affect IP cameras; it is also present in some NVR models. However, in that case the problem is not as common.

What does the CVE-2021-36260 vulnerability, which affects IP cameras and some Hikvision NVR models, allow? A hypothetical attacker could take complete control of a device by obtaining a root shell, without needing administrator rights. According to the researchers behind this discovery, the attacker may have even more permissions than the device owners themselves, since owners are confined to a limited secure shell.

The impact is not limited to the IP cameras themselves: from a compromised camera, an attacker can reach and attack internal networks. In addition, these cameras are often installed in sensitive locations, so many critical infrastructures can be compromised. This critical vulnerability allows unauthenticated remote code execution, giving complete control of the device.

An attacker would only need access to the HTTP(S) server port, which is usually 80/443. No username or password is required. In addition, no action by the camera owner is needed, and the whole process is invisible to them. This opens the way for anyone who can reach the device to exploit the vulnerability.

Many affected models and fixes available

The security researchers who discovered this severe flaw have provided Hikvision with a complete list of affected models. Many camera models and firmware versions can be exploited by an intruder to gain full access. It is always important to use good CCTV cameras.

They were able to run a proof of concept to exploit the vulnerability and, for example, were able to retrieve the password for the administrator account and access the content.

The good news is that patches are available, and the devices are at least partially protected. IPC_G3 (V5.5.800 Build 210628) fixes this issue and users should install it to be protected.
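To check a fleet against the fixed build named above, the following added example (not code from Hikvision or the researchers) triages an inventory by firmware string. The inventory rows, the `NVR_X` platform label and the rule that both version and build date must reach the fixed release are assumptions made for illustration.

```python
import re

# Fixed firmware named in the article for the IPC_G3 platform.
FIXED = {"IPC_G3": ((5, 5, 800), 210628)}

# Matches strings such as "V5.5.800 Build 210628" (build is a YYMMDD date).
FW_RE = re.compile(r"V(\d+)\.(\d+)\.(\d+)\s+[Bb]uild\s+(\d{6})")

def parse_firmware(text):
    """Return ((major, minor, patch), build_yymmdd) or None if unparseable."""
    m = FW_RE.search(text or "")
    if not m:
        return None
    return tuple(int(x) for x in m.groups()[:3]), int(m.group(4))

def triage(platform, firmware):
    """Classify one device as 'patched', 'needs-update' or 'unknown'."""
    fixed = FIXED.get(platform)
    parsed = parse_firmware(firmware)
    if fixed is None or parsed is None:
        # No fixed build is known from the article for this platform,
        # or the firmware string could not be read: needs manual review.
        return "unknown"
    version, build = parsed
    fixed_version, fixed_build = fixed
    # Conservative assumption: both the version and the build date must be
    # at or past the fixed release before a device counts as patched.
    if version >= fixed_version and build >= fixed_build:
        return "patched"
    return "needs-update"

# Constructed inventory rows: (hostname, platform, firmware string).
INVENTORY = [
    ("cam-lobby", "IPC_G3", "V5.5.800 Build 210628"),
    ("cam-dock", "IPC_G3", "V5.5.800 build 210621"),
    ("cam-roof", "IPC_G3", "V5.4.5 build 170123"),
    ("nvr-01", "NVR_X", "V4.30.085 build 200916"),  # hypothetical platform
    ("cam-gate", "IPC_G3", "unknown"),
]

def report(inventory=INVENTORY):
    """Map each hostname to its triage status."""
    return {host: triage(platform, fw) for host, platform, fw in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:10} {status}")
```

Devices reported as `unknown` are not cleared: they belong to a platform for which this page gives no fixed build, or their firmware string could not be parsed.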

Once again, this demonstrates the importance of keeping any type of device or system on the latest available version. Especially when it comes to computers connected to a network, it is important to fix any flaws and prevent exposure as soon as possible, so that no attacker can take advantage of these vulnerabilities and gain access that could compromise the user’s security and privacy, in addition to the operation of the device itself.
