FYI.......
The majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical remote unauthenticated code execution vulnerability even with latest firmware (as of 21 June 2021). Some older models are affected also as far back as at least 2016. Some NVRs are also affected, though this is less widespread.
More details from Hikvision:
https://www.hikvision.com/en/support/cy ... -products/
This is being tracked as CVE-2021-36260
Summary:
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
Hikvision cameras have a critical remote code execution vulnerability
-
Thixotropic
- Posts: 747
- Joined: Wed Sep 04, 2019 7:20 pm
- Location: Low-Earth Orbit
Hikvision cameras have a critical remote code execution vulnerability
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | 9 Cameras | Almost Dual NIC | 2KVA UPS
Re: Hikvision cameras have a critical remote code execution vulnerability
You should consider ALL security cameras to have vulnerabilities capable of stealing all of your money along with your spouse. Protect your system accordingly.
Re: Hikvision cameras have a critical remote code execution vulnerability
Yup, connect them only to your second NIC 
Forum Moderator.
Problem ? Ask and we will try to assist, but please check the Help file.
Problem ? Ask and we will try to assist, but please check the Help file.