Over 80,000 exploitable Hikvision cameras exposed online
Credit: Bleeping Computer
Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server.
The flaw is tracked as CVE-2021-36260 and was addressed by Hikvision via a firmware update in September 2021.
However, according to a whitepaper published by CYFIRMA, tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update. There have been two known public exploits for CVE-2021-36260, one published in October 2021 and the second in February 2022, so threat actors of all skill levels can search for and exploit vulnerable cameras.