CVE-2021-36260: Zero-click Hikvision cameras RCE flaw affects 80,000 devices


Security researchers have found, using automated scanning tools, that a large number of Hikvision cameras currently exposed on the public Internet remain vulnerable. An attacker with only modest skill can exploit the flaw to infect these cameras, spy through them, or enlist them in a botnet used to launch further attacks.

These vulnerabilities were fixed by Hikvision last year, but more than 80,000 cameras have still not been updated to the latest firmware. Affected cameras include 12,690 in China, 10,611 in the US, 7,394 in Vietnam, and 4,834 in the UK.

Location of vulnerable Hikvision cameras (CYFIRMA)

The vulnerability, tracked as CVE-2021-36260, was discovered in June 2021, and Hikvision disclosed it in September after completing the fix.

CVE-2021-36260 is a command injection vulnerability in the web server of some Hikvision products. Because of insufficient input validation, an attacker can exploit it by sending crafted messages containing malicious commands to the web server.

In December, researchers from Fortinet disclosed how the Moobot botnet was leveraging this known remote code execution (RCE) vulnerability in Hikvision video surveillance products to grow its network and use the compromised devices to launch distributed denial-of-service (DDoS) attacks.
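To make the bug class concrete, here is an added illustration (constructed for this article, not Hikvision's code; the request field name, the allowlist pattern and the placeholder command are assumptions) of a web handler that splices an untrusted request value into an OS command, next to the hardened form that allowlists the value and builds an argv list instead of a shell line:

```python
"""Command injection through insufficient input validation: vulnerable vs hardened.

Constructed example. The handler is assumed to take one request field and
use it as an argument to a diagnostic command on the device.
"""
import re
import shlex

# Assumption: a legitimate value for this field is a short hostname-like token.
_ALLOWED_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")

# Characters that a shell would treat as command separators or expansions.
_SHELL_METACHARS = set(";|&`$(){}<>\n\r")

_PLACEHOLDER_CMD = "/bin/ping"  # placeholder for whatever the device would run


def build_command_vulnerable(field: str) -> str:
    """Insufficient validation: the value is spliced into a shell command line.

    A value such as 'cam01; <other command>' becomes extra words for the shell.
    """
    return f"{_PLACEHOLDER_CMD} -c 1 {field}"


def is_allowed(field: str) -> bool:
    """Allowlist check: the whole value must match the expected shape."""
    return _ALLOWED_VALUE.fullmatch(field) is not None


def contains_shell_metachars(field: str) -> bool:
    """Detection-side check a WAF or request log scanner could apply."""
    return any(ch in _SHELL_METACHARS for ch in field)


def build_command_hardened(field: str) -> list[str]:
    """Reject anything outside the allowlist and never go through a shell.

    Returning an argv list (for subprocess.run without shell=True) means the
    value can only ever be a single argument, never additional commands.
    """
    if not is_allowed(field):
        raise ValueError("request field rejected by allowlist")
    return [_PLACEHOLDER_CMD, "-c", "1", field]


def shell_word_count(command_line: str) -> int:
    """How many words a shell would see; >4 means the input added commands."""
    return len(shlex.split(command_line))


if __name__ == "__main__":
    for value in ("cam01", "cam01; id"):
        print(value, "->", contains_shell_metachars(value), is_allowed(value))
```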

At present, account passwords for these cameras can be seen offered for sale by hackers on hacking forums; these credentials can be used to connect to and control the cameras remotely. Researchers scanned 285,000 Hikvision cameras and found that at least 80,000 of them remained unpatched and easily exploitable. Hikvision has released four firmware updates since the initial fix. Because many models are affected, users are advised to check the Hikvision website for their specific device.

Via: bleepingcomputer