Security News > 2022 > August > Cybercriminals Are Selling Access to Chinese Surveillance Cameras
New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw.
Hikvision - short for Hangzhou Hikvision Digital Technology - is a Chinese state-owned manufacturer of video surveillance equipment.
Last fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.
In the time since, the researchers have discovered "multiple instances of hackers looking to collaborate on exploiting Hikvision cameras using the command injection vulnerability," specifically in Russian dark web forums, where leaked credentials have been put up for sale.
According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.
The problem can certainly be compounded with laziness and, as Bischoff noted, "by the fact that Hikvision cameras come with one of a few predetermined passwords out of the box, and many users don't change these default passwords."
News URL
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-22 | CVE-2021-36260 | OS Command Injection vulnerability in Hikvision products. A command injection vulnerability in the web server of some Hikvision product. | 9.8 |