Tens of thousands of Hikvision cameras are vulnerable to attack despite a firmware update being released to close the security hole last year.
As Bleeping Computer reports(Opens in a new window), the vulnerability relates to a flaw known as CVE-2021-36260(Opens in a new window). It's described as a "command injection vulnerability" that allows an attacker to "launch a command injection attack by sending some messages with malicious commands," and it was made possible due to insufficient input validation.
In a recent report(Opens in a new window) (PDF), cybersecurity company Cyfirma identified over 80,000 Hikvision cameras remained unpatched and therefore susceptible to being exploited to gain network access. So far, two known exploits are being used against the cameras, which were taken advantage of in December last year to help spread the Moobot botnet. Access to networks is also being sold on Russian-speaking hacking forums, with the access made possible due to those networks having unpatched Hikvision cameras connected to them.
According to The Register(Opens in a new window), the security flaw is present on more than 70 different models of Hikvision's cameras. They have been purchased and used by over 2,300 organizations spread across more than 100 countries. Cyfirma's analysis revealed the largest number of unpatched cameras are located in China (12,690) and the US (10,611). The other countries in the top 10 include Vietnam, the UK, Ukraine, Thailand, South Africa, France, the Netherlands, and Romania.
Cyfirma believes Chinese cybercriminal groups APT41 and APT10, as well as unknown Russian groups, "could potentially exploit vulnerabilities in these devices to fulfill their motives (which may include specific
Read more on pcmag.com