Hikvision IP Cameras Command Injection Vulnerability

Released: Aug 26, 2022

Updated: Dec 19, 2024


Severity: High

Vendor: Hikvision


A Command Injection vulnerability in the web server of some Hikvision products

Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending crafted messages containing malicious commands.

Common Vulnerabilities and Exposures


Background

Hikvision is a leading provider of IoT sensor technologies such as IP cameras, used by the retail, energy, educational and military sectors. In December 2021, Fortinet published a blog post about this vulnerability and how attackers can take advantage of it. For more information, refer to the additional resources.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


Tens of thousands of Hikvision IP cameras are still vulnerable to a critical, 11-month-old CVE, leaving thousands of organizations exposed. Recent research shows multiple hacking groups collaborating globally to exploit Hikvision IP cameras through the command injection vulnerability (CVE-2021-36260). FortiGuard Labs has seen active exploitation attempts since the release of the IPS signature in October 2021, with a significant uptick in the last few months.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Decoy VM

  • IPS

  • Web App Security

DETECT
  • IOC

  • Outbreak Detection

  • Threat Hunting

RESPOND
  • Automated Response

  • Assisted Response Services

RECOVER
  • NOC/SOC Training

  • InfoSec Services

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.