Hikvision cameras have a critical remote code execution vulnerability

General discussion about Blue Iris
Post Reply
User avatar
Thixotropic
Posts: 743
Joined: Wed Sep 04, 2019 7:20 pm
Location: Low-Earth Orbit

Hikvision cameras have a critical remote code execution vulnerability

Post by Thixotropic »

FYI.......

The majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical remote unauthenticated code execution vulnerability even with latest firmware (as of 21 June 2021). Some older models are affected also as far back as at least 2016. Some NVRs are also affected, though this is less widespread.

More details from Hikvision:
https://www.hikvision.com/en/support/cy ... -products/

This is being tracked as CVE-2021-36260

Summary:
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
Blue Iris 5.x x64 | Windows 10 Pro x64 | 16GB RAM | i7-7700 3.6 GHz | 1TB HDD | 2TB RAID NAS | 9 Cameras | Almost Dual NIC | 2KVA UPS
HeneryH
Posts: 678
Joined: Thu Jul 18, 2019 2:50 pm

Re: Hikvision cameras have a critical remote code execution vulnerability

Post by HeneryH »

You should consider ALL security cameras to have vulnerabilities capable of stealing all of your money along with your spouse. Protect your system accordingly.
User avatar
TimG
Posts: 2098
Joined: Tue Jun 18, 2019 10:45 am
Location: Nottinghamshire, UK.

Re: Hikvision cameras have a critical remote code execution vulnerability

Post by TimG »

Yup, connect them only to your second NIC :?
Forum Moderator.
Problem ? Ask and we will try to assist, but please check the Help file.
Post Reply