top of page

Cybersecurity Vulnerability Could Affect Millions of Hikvision Cameras

On Sunday, video surveillance giant Hikvision posted a security advisory on its website warning customers of a cyber vulnerability that could impact millions of cameras and NVRs deployed globally.

The “command injection vulnerability” could allow threat actors to have complete control of compromised devices and was discovered by cybersecurity researcher Watchful IP in June and first reported on Monday by IPVM.

According to the security advisory, the vulnerability received a base score of 9.8 out of 10 per the Common Vulnerability Scoring System (CVSS), which Watchful IP called “the highest level of critical vulnerability.

Although the video surveillance giant has not disclosed how many products are likely impacted, posting only product names and firmware versions, IPVM estimates that more than 100 million devices could be affected.

In a letter to its partners, Hikvision informed integrators to download an updated version of firmware on its website to remediate the vulnerability.

It also said: “We recognise that many of our partners may have installed Hikvision equipment that is affected by this vulnerability, and we strongly encourage you to work with your customers to ensure proper cyber hygiene and install the updated firmware.”

Hikvision also said that it worked with Watchful IP to patch the vulnerability. Additionally, the company has patched all vulnerabilities reported to the company in its latest firmware version.

“Hikvision is a CVE Numbering Authority (CNA) and has committed to continuing to work with third-party white-hat hackers and security researchers, to find, patch, disclose and release updates to products in a timely manner that is commensurate with our CVE CNA partner companies’ vulnerability management teams,” the letter adds.

“Hikvision strictly complies with the applicable laws and regulations in all countries and regions where we operate and our efforts to ensure the security of our products go beyond what is mandated.”

Our team becomes your trusted IT partner and we get to understand what drives your organisation and your goals for IT. Our team are then able to provide advice and recommendations on technology to achieve business objective, improve security and governance, improve efficiency and to reduce on-going issues. Our managed service agreements provide our customers with the expertise of an enterprise level IT department at a scaled cost to suit their business. Managed Services enable scalability within a cost effective partnership arrangement. To discuss your IT Support requirements, please contact us.