Headline
CVE-2021-36260: Command Injection Vulnerability
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
Pro Series (All)
Hikvision Pro Series network cameras aim to provide just the right components, including intelligent features that are affordable and easy to use.
Pro Series with AcuSense
Empowered by deep learning algorithm, Hikvision pro series network cameras with AcuSense detect and recognize people and vehicle targets. Selected models can also perform strobe light and audio alarm for on-site response in real time.
Pro Series with ColorVu
Hikvision Pro series network cameras with ColorVu produce colorful and sharp videos with clear details in most low light, and even zero light scenarios.
DeepinView Series
Powered by Deep Learning, Hikvision deep learning cameras take you far beyond just video and imaging data.
Panoramic Series
All-in-one cameras can capture excellent panoramic images as well as close-up images to give consideration to both a panorama and detail.
Special Series
Hikvision’s Special Series is integral to reliable network video solutions that specially designed for critical environments.
Ultra Series (SmartIP)
Combining low-light monitoring capabilities and high-definition recognition, Hikvision smart IP cameras can easily meet the requirements of enterprise projects.
Wi-Fi Series
Our line of wi-fi security camera systems allow for easy installation and to provide stable and high quality images.
Solar-powered Series
Hikvision solar-powered security cameras deliver robust performance in areas where power supplies and ethernet cables don’t reach.
PT Series
Hikvision’s motorized Pan-Tilt cameras support remote and easy adjustment of camera viewing angles on the Hik-Connect app.
Related news
Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory (CSA) AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link (for Russia): https://vk.com/video-149273431_456239105 Americans can’t just release a list of “20 vulnerabilities most commonly exploited in attacks on […]
Categories: Exploits and vulnerabilities Categories: News Tags: Chinese APT Tags: advanced persistent threat Tags: APT Tags: CISA Tags: NSA Tags: FBI Tags: security advisory CISA, the NSA and the FBI have compiled a list of the vulnerabilities targeted by state-sponsorted threat actors from China. (Read more...) The post Chinese APT's favorite vulnerabilities revealed appeared first on Malwarebytes Labs.
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
The US Cybersecurity and Infrastructure Security Agency had wanted federal agencies to implement the fix for the RCE flaw in Hikvision cameras by Jan. 24, 2022.
Categories: News Tags: Hikvision Tags: CVE-2021-36260 Tags: metasploit Tags: Mirai Tags: Moobot Tags: A patch has been available since September 2021, yet tens of thousands of systems used by 2,300 organizations across 100 countries have still not applied the security update. (Read more...) The post Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover appeared first on Malwarebytes Labs.