Security researchers at CYFIRMA have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that’s easily exploitable via specially crafted messages sent to the vulnerable web server. According to their whitepaper on the subject, tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update.
CYFIRMA researchers have observed … multiple instances of hackers looking to collaborate on exploiting Hikvision cameras using the command injection vulnerability (CVE-2021-36260).
Specifically in the Russian forums, we have observed leaked credentials of Hikvision camera products available for sale.
- 80,000+ devices vulnerable
- 100 nations impacted
- 450+ non-standard open ports
- 2,300+ organizations impacted