This was spotted by CYFIRMA researchers, who analyzed over 285,000 Hikvision servers facing the internet, and found over 80,000 as vulnerable. Though Hikvision released a patch for this bug in September last year, thousands of organizations haven’t applied it yet.
Security Vulnerability in Hikvision Cameras
Hikvision is one of the major Chinese surveillance camera makers aimed at organizations to guard their places. System admins managing these should be active in patching any known exploits, as hacking the security cameras may cause unintended consequences to the overall company if they’re connected to the network. And this is what was being warned by the researchers at CYFIRMA, who, in a white paper, stated over 80,000 Hikvision cameras are left vulnerable to hacks! They’re talking about CVE-2021-36260 – a remote command injection vulnerability that was acknowledged by the maker last year and released a patch too! Yet, about 2,300 organizations across 100 countries have still applied this patch says CYFIRMA researchers. They also noted two known public exploits for this bug – one published in October 2021 and the second in February 2022. These led many threat actors, including a Mirai-based botnet called ‘Moobot‘, to exploit the vulnerable cameras and add them to its DDoS lists. In January 2022, CISA even noted that CVE-2021-36260 was one of the actively exploited bugs and urged people to patch. Yet, there are still over 80,000 Hikvision web servers left online with this vulnerability, weak passwords, or the default credentials set at the time of setup. Most are found in China and the US, while Vietnam, the UK, Ukraine, Thailand, South Africa, France, the Netherlands, and Romania are in the top 10 list. Warning people of the potential hacks, researchers advised people to apply the patch update immediately, set a strong password, and isolate the IoT network from other critical assets of the company using a firewall or VLAN.