Insecure Hikvision security cameras can be taken over remotely

September 22, 2021

Because the owner of the device is restricted to a limited protected shell (psh) that filters input to a predefined set of limited, largely informational commands, the critical defect allows the attacker to obtain even greater access than the owner.

There is no requirement for the camera owner to do anything other than have access to the http(s) server port (usually 80/443). Any logging on the camera itself will not be able to detect the attack. By sending some communications with carefully written commands, a threat actor can use the vulnerability to initiate a command injection attack.

Read More…