By security practitioners, for security practitioners novacoast federal | Apex Program | novacoast | about innovate
By security practitioners, for security practitioners

Hikvision Cameras RCE Vulnerability Requires a Firmware Update

On September 19, 2021, Hikvision released a security advisory (CVE-2021-36260) regarding an unauthenticated remote code execution vulnerability reported to them on June 21, 2021, by a researcher at Watchful IP. A firmware update available on the Hikvision official website is required to mitigate the vulnerability.

What is the nature of the vulnerability?

A critical unauthenticated remote code execution vulnerability that affects a significant range of Hikvision camera products allows the attacker more control than the owner of the device would ordinarily have. Once the attacker has access to the device network, or if the device is directly connected to the internet, an unrestricted root shell can be obtained to completely compromise the IP camera.

Once the camera is compromised, internal network connections become vulnerable to attack. No action is required by the owner and no username or password needed for the attacker to gain access; only http port access is needed.

What’s at risk?

The IP camera can be completely compromised relatively easily, and any internal networks connected to the IP camera can then be attacked. According to Watchful IP, “given the deployment of these cameras at sensitive sites potentially even critical infrastructure is at risk.”

Affected versions

Product NameAffected Version(s)
DS-2CVxxx1
DS-2CVxxx6
Versions with Build time before 210625
HWI-xxxx
IPC-xxxx
DS-2CD1xx1
DS-2CD1x23G0
DS-2CD1x23G0E(C)
DS-2CD1x43(B)
DS-2CD1x43(C)
DS-2CD1x43G0E
DS-2CD1x53(B)
DS-2CD1x53(C)
DS-2CD1xx7G0
DS-2CD2xx6G2
DS-2CD2xx6G2(C)
DS-2CD2xx7G2
DS-2CD2xx7G2(C)
DS-2CD2x21G0
DS-2CD2x21G0(C)
DS-2CD2x21G1
DS-2CD2x21G1(C)
DS-2CD2xx3G2
DS-2CD3xx6G2
DS-2CD3xx6G2(C)
DS-2CD3xx7G2
DS-2CD3xx7G2(C)
DS-2CD3xx7G0E
DS-2CD3x21G0
DS-2CD3x21G0(C)
DS-2CD3x51G0(C)
DS-2CD3xx3G2
DS-2CD4xx0
DS-2CD4xx6
iDS-2XM6810
iDS-2CD6810
DS-2XE62x2F(D)
DS-2XC66x5G0
DS-2XE64x2F(B)
DS-2CD8Cx6G0
(i)DS-2DExxxx
(i)DS-2PTxxxx
(i)DS-2SE7xxxx
DS-2DYHxxxx
DS-2DY9xxxx
PTZ-Nxxxx
HWP-Nxxxx
DS-2DF5xxxx
DS-2DF6xxxx
DS-2DF6xxxx-Cx
DS-2DF7xxxx
DS-2DF8xxxx
DS-2DF9xxxx
iDS-2PT9xxxx
iDS-2SK7xxxx
iDS-2SK8xxxx
iDS-2SR8xxxx
iDS-2VSxxxx
DS-2TBxxx
DS-Bxxxx
DS-2TDxxxxB
Versions which Build time before 210702
DS-2TD1xxx-xx
DS-2TD2xxx-xx
DS-2TD41xx-xx/Wx
DS-2TD62xx-xx/Wx
DS-2TD81xx-xx/Wx
DS-2TD4xxx-xx/V2
DS-2TD62xx-xx/V2
DS-2TD81xx-xx/V2
DS-76xxNI-K1xx(C)
DS-76xxNI-Qxx(C)
DS-HiLookI-NVR-1xxMHxx-C(C)
DS-HiLookI-NVR-2xxMHxx-C(C)
DS-HiWatchI-HWN-41xxMHxx(C)
DS-HiWatchI-HWN-42xxMHxx(C)
V4.30.210 Build201224 – V4.31.000 Build210511
DS-71xxNI-Q1xx(C)
DS-HiLookI-NVR-1xxMHxx-D(C)
DS-HiLookI-NVR-1xxHxx-D(C)
DS-HiWatchI-HWN-21xxMHxx(C)
DS-HiWatchI-HWN-21xxHxx(C)
V4.30.300 Build210221 – V4.31.100 Build210511

What can I do to protect against this vulnerability?

Apply the most recent Hikvision firmware update to all affected devices as soon as possible to patch the vulnerability. No other workaround is documented.

Resources

CISA Advisory:
https://us-cert.cisa.gov/ncas/current-activity/2021/09/28/rce-vulnerability-hikvision-cameras-cve-2021-36260

Hikvision Security Advisory:
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/security-notification-command-injection-vulnerability-in-some-hikvision-products/

Watchful IP Technical Article:
https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html

Previous Post

PoC Released For New VMware vCenter Vulnerability

Next Post

GitLab Security Updates Patch Dozens of Newly Disclosed Vulnerabilities

Innovate uses cookies to give you the best online experience. If you continue to use this site, you agree to the use of cookies. Please see our privacy policy for details.