"Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking"

A security researcher has discovered a vulnerability in Hikvision surveillance cameras that make them susceptible to remote hijacking without the attacker needing to have a username and password. The attack can be launched using the standard HTTP and HTTPS ports, 80 and 443. The attacker can use a compromised camera as a starting point to explore a victim's entire network. According to the white hat hacker who made the discovery, Hikvision models manufactured as far back as 2016 are impacted by the flaw. Hikvision's security notification lists dozens of models affected by the vulnerability. However, the list of vulnerable cameras could be significantly longer as Malwarebytes has noted that many Original Equipment Manufacturers (OEMs) usually rebrand Hikvision cameras and then sell them as their own. This article continues to discuss the discovery, disclosure, and potential impact of the vulnerability found in Hikvision surveillance cameras.  

Forbes reports "Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking"