Skip to main content

Over 80,000 exploitable Hikvision cameras exposed online

posted onAugust 23, 2022
by l33tdawg
Bleeping Computer
Credit: Bleeping Computer

Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server.

The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021.

However, according to a whitepaper published by CYFIRMA, tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update. There have been two known public exploits for CVE-2021-36260, one published in October 2021 and the second in February 2022, so threat actors of all skill levels can search for and exploit vulnerable cameras.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th