Hikvision Critical Vulnerability [ Important ]

Hikvision administrators have claimed there is “a zero-click vulnerability” in the majority of their security cameras. In this article, you’ll learn about Hikvision Critical Vulnerability.

Additionally, there is a possibility that an unauthenticated hacker can gain access to your NVR and even internal networks. Details of said Remote Code Execution (RCE) bug in certain Hikvision products that can bypass usernames and passwords have been leaked.

This exposure can be exploited to the point of gaining access to a device and being able to control it. A hacker can also use said compromised devices to gain further access to internal networks.

Overall, more than 70 Hikvision cameras and NVRs are exposed to this critical vulnerability. And more than 100 million devices were affected by the issue. Want to find out more about the topic? Check out: Are Hikvision cameras secure?

How does the Hikvision Critical Vulnerability work?

Usually, access to the HTTPS server port is the only thing needed. Typically the 80/443 server port is used to target Hikvision Critical Vulnerability.

Passwords and usernames are not necessary for an attacker to target the camera. Plus, they do not rely on the user for any action. And cannot be detected once they log into the camera. 

This vulnerability to bugs has been present in the firmware since 2016 and has been both acknowledged and repaired by Hikvision. The brand also released a security advisory to alert users of at-risk products.

Why Hikvision Critical Vulnerability happens

Because there is insufficient input validation, an attacker can take advantage of this flaw by submitting messages that include malicious commands to initiate a command attack. 

According to Watchful-IP, this flaw enables complete control of the embedded computer and unlimited root access. 

The device owner is only allowed to use a limited “protected shell” (psh), which restricts input to a pre-determined list of limited, vastly informative commands. Yet the attacker can acquire complete control of the device with an unlimited root shell.

This means that internal networks may also be “accessed and attacked” using the vulnerability.

Does this vulnerability affect OEM versions? 

Yes, there will be effects on the OEM versions. Actually, this flaw affects practically all OEM and Hikvision-branded cameras. 

Additionally, hundreds of brands throughout the world will be impacted by the vulnerability since Hikvision cameras are so widely used. 

Moreover, the worst thing is that many OEM brands for Hikvision attempt to conceal their affiliation with Hikvision and pass the cameras off as their own, which means they’ll ignore this vulnerability, and many consumers won’t even be aware of it. 

Versions Impacted

Below is a list of some of the impacted versions. If you own a camera model listed, its firmware must be updated IMMEDIATELY.

Product nameAffected version(s)
DS-2CD1x23
DS-2CD1x43(B)
DS-2CD1x43(C)
DS-2CD1x43G0E
DS-2CD1x53(B)
DS-2CD1x53(C)
DS-2CD1xx1
DS-2CD1xx7G0
DS-2CD2x21G0
DS-2CD2xx3G2
DS-2CD2xx6G2
DS-2CD2xx7G2
DS-2CD3x21G0
DS-2CD3x51G0
DS-2CD3xx3G2
DS-2CD3xx6G2
DS-2CD3xx7G0E
DS-2CD3xx7G2
DS-2CD4xx0
DS-2CD4xx6
DS-2CD5xx5
DS-2CD5xx7
DS-2CD7xx6G0
DS-2CD8Cx6G0
DS-2CVxxx1
DS-2CVxxx5
DS-2CVxxx6
DS-2DF5xxxx
DS-2DF6xxxx
DS-2DF6xxxx-Cx
DS-2DF7xxxx
DS-2DF8xxxx
DS-2DF9xxxx
DS-2DYHxxxx
DS-2XC66x5G0
DS-2XE30x6FWD(B)
DS-2XE60x6FWD(B)
DS-2XE62x2F(D)
DS-2XE62x7FWD(D)
DS-2XE64x2F(B)
DS-DY9xxxx
HWI-xxxx
HWP-Nxxxx
IPC-xxxx
KBA18(C)-83x6FWD
PTZ-Nxxxx
iDS-2CD6810
iDS-2DExxxx
iDS-2PT9xxxx
iDS-2PTxxxx
iDS-2SE7xxxx
iDS-2SK7xxxx
iDS-2SK8xxxx
iDS-2SR8xxxx
iDS-2VSxxxx
iDS-2XM6810
Versions which Build time before 210625
DS-2TBxxx
DS-2TD1xxx-xx
DS-2TD2xxx-xx
DS-2TD41xx-xx/Wx
DS-2TD4xxx-xx/V2
DS-2TD62xx-xx/V2
DS-2TD62xx-xx/Wx
DS-2TD81xx-xx/V2
DS-2TD81xx-xx/Wx
DS-2TDxxxxB
DS-Bxxxx
Versions which Build time before 210702
DS-76xxNI-K1xx(C)
DS-76xxNI-Qxx(C)
DS-HiLookI-NVR-1xxMHxx(C)
DS-HiLookI-NVR-2xxMHxx(C)
DS-HiWatchI-HWN-41xxMHxx(C)
DS-HiWatchI-HWN-42xxMHxx(C)
V4.30.210 Build201224 – V4.31.000 Build210511
DS-71xxNI-Q1xx(C)
DS-HiLookI-NVR-1xxHxx(C)
DS-HiLookI-NVR-1xxMHxx(C)
DS-HiWatchI-HWN-21xxHxx(C)
DS-HiWatchI-HWN-21xxMHxx(C)
V4.30.300 Build210221 – V4.31.100 Build210511

Final Thoughts

Though Hikvision Critical Vulnerability can be a downside to its products, it does not reflect on the company as a whole as its lineup of products is worth investing in.

Furthermore, it would be best if you always protected yourself and placed cameras in areas that do not expose your privacy on the occasion that someone can access the footage. Never place any cameras in bedrooms, bathrooms, or other private spaces.