Zero-Click RCE Flaw in Hikvision Security Cameras May Cause Network Penetration

According to a researcher, a zero-click flaw in a widely used IoT security camera may give an unauthenticated attacker complete access to the device and, potentially, to internal networks.

The researcher, who goes by the name ‘Watchful IP,’ has detailed an unauthenticated Remote Code Execution (RCE) flaw found in some Hikvision network cameras.

Hikvision, a Chinese manufacturer, is the world’s largest network camera brand.

The security vulnerability is tracked as CVE-2021-36260. A blog post explained how this flaw might allow a threat actor to take complete control of an internet-connected camera and, potentially, of internal networks.

Watchful IP further explained that the severe flaw, rated 9.8 on the CVSS severity scale, gives an attacker “far more access than even the owner of the device has as they are restricted to a limited ‘protected shell’ (psh) which filters input to a predefined set of limited, mostly informational commands”.

After taking complete control of the IP camera, threat actors can then access and attack internal networks.

“This is the highest level of critical vulnerability – a zero click unauthenticated remote code execution (RCE) vulnerability affecting a high number of Hikvision cameras.”

They added: “Given the deployment of these cameras at sensitive sites potentially even critical infrastructure is at risk.”

If these cameras are installed at sensitive locations, critical infrastructure may be compromised.

Hikvision has responded to the findings by patching the problem. The company has also issued a security advisory indicating which devices are at risk. The advisory summarizes that, due to poor input validation, an attacker could use the vulnerability to conduct a command injection attack by sending certain messages containing malicious commands.

The advisory also provides a comprehensive list of susceptible versions.

About the author

CIM Team