Thousands of Hikvision Cameras Vulnerable to a Security Bug

Thousands of Hikvision Cameras Vulnerable to a Security Bug

Analyzing a sample of 285,000 Hikvision web servers exposed online, CYFIRMA researchers spotted over 80,000 of them vulnerable to a remote command injection bug.

Though Hikvision released a patch for this last year, thousands of organizations still haven’t applied it yet. With two known exploits for this bug already, there have been constant attacks against the exposed Hikvision web servers in various countries.

Hikvision Cameras with a Security Bug

Last year, Hikvision released a patch for CVE-2021-36260 – a security vulnerability that lets hackers inject malicious commands remotely. Several researchers have spotted two known exploits for this bug – one in October 2021 and the other in February 2022.

Both of them allows for anyone to scan for the vulnerable Hikvision cameras online and exploit them for their own purposes. And this happened too! Proofpoint researchers noted a new Mirai-based botnet called Moobot taking over vulnerable Hikvision web servers for it’s DDoS attacks.

This even led CISA to add CVE-2021-36260 as one of the actively exploited vulnerabilities since last year, advising people to secure them. Yet, we see thousands of them still being online, ready to get exploited.

As per CYFIRMA’s whitepaper, a sample online scan of 285,000 Hikvision web servers resulted in over 80,000 of them being vulnerable to CVE-2021-36260 – even after the maker released a patch last year!

They noted over 2,300 organizations across 100 countries have still not updated to the patch, leaving them all vulnerable. Most of them are seen in China and the US, while Vietnam, the UK, Ukraine, Thailand, South Africa, France, the Netherlands, and Romania stand next on the list.

There have been a number of sellers in Russian-speaking hacking forums selling the network entrance points based on exploitable Hikvision cameras, threatening the IT landscape. Though there are a number of hackers targeting them currently, researchers noted Chinese hacking groups APT41, APT10, and the Russian cyberespionage groups as the main threat actors.

Warning the public about consequences, system admins are advised to apply the available patch from Hikvision, set a strong password, and put their IoT network away from the company’s using a firewall or VLAN.

Other Trending News:-  News

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post
Sony Confirmed PS VR2 is Coming in Early 2023

Sony Confirmed PS VR2 is Coming in Early 2023

Next Post
Plex Reset Users' Account Passwords After a Data Breach

Plex Reset Users’ Account Passwords After a Data Breach

Related Posts