Zero-click Hikvision Cameras RCE Flaw (CVE-2021-36260)

BACKGROUND

More than 80,000 Hikvision cameras have been discovered to be vulnerable to exploitation and
exposed on the public Internet. These vulnerabilities were fixed by Hikvision last year, however there
are still cameras that have not been updated with the latest firmware thus remain unfixed. Hikvision
has released four repair firmware since the first repair.

Any hacker with a little skill can use the vulnerability to infect these cameras or monitor or use it to
expand the botnet to launch attacks, etc. The account passwords of these cameras are being sold by
hackers, and these passwords can be used to remotely connect and control the cameras.

IMPACT

Attackers can gain access to devices and potentially even launch a physical attack.

  •  It can be used either for "botnetting" or lateral movement.
  •  Attackers can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

AFFECTED VERSIONS

Please install the updates immediately if your device firmware version is dated earlier than 210628 (28
June 2021).
Information of affected versions and resolved versions can be found at the link below:
Security Notification - Command Injection Vulnerability in Some Hikvision products - Command Injection Vulnerability - Hikvision

RECOMMENDATIONS