Cyber investigators have found around 80,000 Hikvision cameras exploited!
Security investigators found around 80,000 Hikvision cameras exposed to a serious command injection flaw. The flaw can be easily exploited via specially crafted messages sent to the vulnerable web server.
The defect is tracked as CVE-2021-36260 and was addressed by Hikvision through a firmware update in September 2021. There have been two well-known public exploits for CVE-2021-36260: one was published in October 2021 and the other in February 2022. This made it easier for malicious actors to search for and breach vulnerable cameras.
CISA has also warned that CVE-2021-36260 was on its list of actively exploited bugs. Afterwards, it published a new list of bugs and alerted organizations that hackers could exploit the flaw to take full control of their devices. So, if you run a Hikvision camera, you should install the latest firmware update, use a strong password, and isolate the IoT network using a firewall or VLAN.