Hikvision cameras have a critical remote code execution vulnerability
Posted: Mon Sep 20, 2021 10:02 pm
FYI.......
The majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical remote unauthenticated code execution vulnerability, even with the latest firmware (as of 21 June 2021). Some older models are also affected, as far back as at least 2016. Some NVRs are also affected, though this is less widespread.
More details from Hikvision:
https://www.hikvision.com/en/support/cy ... -products/
This is being tracked as CVE-2021-36260.
Summary:
A command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.