- CYFIRMA, a security company from Singapore, has published a whitepaper regarding a vulnerability in the Hikvision camera systems.
- The vulnerability has a CVSS score of 9.8 and is a command injection flaw that allows attackers to exploit with crafted messages.
- The fix for this specific vulnerability has been released in September 2021. However, there are still 80,000 vulnerable Hikvision systems worldwide.
The Singapore-based security company CYFIRMA has published a whitepaper about a vulnerability that exists on Hikvision cameras. The vulnerability, which can be tracked as CVE-2021-36260 has a CVSS score of 9.8; so it is a critical flaw.
It was fixed one year ago
The vulnerability in Hikvision cameras was fixed by a firmware update back in September 2021; almost one year ago. Despite the critical severity of the vulnerability, CYFIRMA’s whitepaper indicates that there are over 80,000 cameras that are exposed online without the firmware patch.
The vulnerability is a command injection flaw and is exploitable by a simple crafted message that is sent to the vulnerable web server. It was exploited at the end of 2021 to utilize them for the Moobot botnet to conduct further DDoS attacks. The critical flaw is also in the CISA’s actively exploited bugs list; the organization urged Hikvision system owners to patch their systems immediately.
Some users in Russian hacker forums sell network entrance points that rely on vulnerable Hikvision cameras. Those entrance points can be used for botnet attacks as well as lateral movement. CYFIRMA’s research also includes the number of vulnerable systems by country; China, the USA, Vietnam, and the UK have a big portion of them.
Currently, there are ongoing exploitation attempts from Chinese APT41 and APT10, and some Russian cyberespionage actors.