Cybercriminals Are Selling Access to Chinese Surveillance Cameras
2022-08-25 18:47

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw.

Hikvision - short for Hangzhou Hikvision Digital Technology - is a Chinese state-owned manufacturer of video surveillance equipment.

Last fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.

In the time since, the researchers have discovered "multiple instances of hackers looking to collaborate on exploiting Hikvision cameras using the command injection vulnerability," specifically in Russian dark web forums, where leaked credentials have been put up for sale.

According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.

The problem can certainly be compounded with laziness, as Bischoff noted, "by the fact that Hikvision cameras come with one of a few predetermined passwords out of the box, and many users don't change these default passwords."


News URL

https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Related Vulnerability

Date: 2021-09-22
CVE: CVE-2021-36260
Vulnerability title: OS Command Injection vulnerability in Hikvision products
Description: A command injection vulnerability in the web server of some Hikvision product.
Attack vector: network, low complexity
Vendor / weakness: hikvision, CWE-78
Risk: critical (9.8)