Hikvision administrators have claimed there is “a zero-click vulnerability” in the majority of their security cameras. In this article, you’ll learn about Hikvision Critical Vulnerability.
Additionally, there is a possibility that an unauthenticated hacker can gain access to your NVR and even internal networks. Details of said Remote Code Execution (RCE) bug in certain Hikvision products that can bypass usernames and passwords have been leaked.
This exposure can be exploited to the point of gaining access to a device and being able to control it. A hacker can also use said compromised devices to gain further access to internal networks.
Overall, more than 70 Hikvision cameras and NVRs are exposed to this critical vulnerability. And more than 100 million devices were affected by the issue. Want to find out more about the topic? Check out: Are Hikvision cameras secure?
How does the Hikvision Critical Vulnerability work?
Usually, access to the HTTPS server port is the only thing needed. Typically the 80/443 server port is used to target Hikvision Critical Vulnerability.
Passwords and usernames are not necessary for an attacker to target the camera. Plus, they do not rely on the user for any action. And cannot be detected once they log into the camera.
This vulnerability to bugs has been present in the firmware since 2016 and has been both acknowledged and repaired by Hikvision. The brand also released a security advisory to alert users of at-risk products.
Why Hikvision Critical Vulnerability happens
Because there is insufficient input validation, an attacker can take advantage of this flaw by submitting messages that include malicious commands to initiate a command attack.
According to Watchful-IP, this flaw enables complete control of the embedded computer and unlimited root access.
The device owner is only allowed to use a limited “protected shell” (psh), which restricts input to a pre-determined list of limited, vastly informative commands. Yet the attacker can acquire complete control of the device with an unlimited root shell.
This means that internal networks may also be “accessed and attacked” using the vulnerability.
Does this vulnerability affect OEM versions?
Yes, there will be effects on the OEM versions. Actually, this flaw affects practically all OEM and Hikvision-branded cameras.
Additionally, hundreds of brands throughout the world will be impacted by the vulnerability since Hikvision cameras are so widely used.
Moreover, the worst thing is that many OEM brands for Hikvision attempt to conceal their affiliation with Hikvision and pass the cameras off as their own, which means they’ll ignore this vulnerability, and many consumers won’t even be aware of it.
Versions Impacted
Below is a list of some of the impacted versions. If you own a camera model listed, its firmware must be updated IMMEDIATELY.
Product name | Affected version(s) |
DS-2CD1x23 DS-2CD1x43(B) DS-2CD1x43(C) DS-2CD1x43G0E DS-2CD1x53(B) DS-2CD1x53(C) DS-2CD1xx1 DS-2CD1xx7G0 DS-2CD2x21G0 DS-2CD2xx3G2 DS-2CD2xx6G2 DS-2CD2xx7G2 DS-2CD3x21G0 DS-2CD3x51G0 DS-2CD3xx3G2 DS-2CD3xx6G2 DS-2CD3xx7G0E DS-2CD3xx7G2 DS-2CD4xx0 DS-2CD4xx6 DS-2CD5xx5 DS-2CD5xx7 DS-2CD7xx6G0 DS-2CD8Cx6G0 DS-2CVxxx1 DS-2CVxxx5 DS-2CVxxx6 DS-2DF5xxxx DS-2DF6xxxx DS-2DF6xxxx-Cx DS-2DF7xxxx DS-2DF8xxxx DS-2DF9xxxx DS-2DYHxxxx DS-2XC66x5G0 DS-2XE30x6FWD(B) DS-2XE60x6FWD(B) DS-2XE62x2F(D) DS-2XE62x7FWD(D) DS-2XE64x2F(B) DS-DY9xxxx HWI-xxxx HWP-Nxxxx IPC-xxxx KBA18(C)-83x6FWD PTZ-Nxxxx iDS-2CD6810 iDS-2DExxxx iDS-2PT9xxxx iDS-2PTxxxx iDS-2SE7xxxx iDS-2SK7xxxx iDS-2SK8xxxx iDS-2SR8xxxx iDS-2VSxxxx iDS-2XM6810 | Versions which Build time before 210625 |
DS-2TBxxx DS-2TD1xxx-xx DS-2TD2xxx-xx DS-2TD41xx-xx/Wx DS-2TD4xxx-xx/V2 DS-2TD62xx-xx/V2 DS-2TD62xx-xx/Wx DS-2TD81xx-xx/V2 DS-2TD81xx-xx/Wx DS-2TDxxxxB DS-Bxxxx | Versions which Build time before 210702 |
DS-76xxNI-K1xx(C) DS-76xxNI-Qxx(C) DS-HiLookI-NVR-1xxMHxx(C) DS-HiLookI-NVR-2xxMHxx(C) DS-HiWatchI-HWN-41xxMHxx(C) DS-HiWatchI-HWN-42xxMHxx(C) | V4.30.210 Build201224 – V4.31.000 Build210511 |
DS-71xxNI-Q1xx(C) DS-HiLookI-NVR-1xxHxx(C) DS-HiLookI-NVR-1xxMHxx(C) DS-HiWatchI-HWN-21xxHxx(C) DS-HiWatchI-HWN-21xxMHxx(C) | V4.30.300 Build210221 – V4.31.100 Build210511 |
Final Thoughts
Though Hikvision Critical Vulnerability can be a downside to its products, it does not reflect on the company as a whole as its lineup of products is worth investing in.
Furthermore, it would be best if you always protected yourself and placed cameras in areas that do not expose your privacy on the occasion that someone can access the footage. Never place any cameras in bedrooms, bathrooms, or other private spaces.