{"id":7248,"date":"2022-08-23T08:16:17","date_gmt":"2022-08-23T08:16:17","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7248"},"modified":"2024-04-19T09:41:18","modified_gmt":"2024-04-19T16:41:18","slug":"security-management-cve-2021-36260-patch-this-hikvision-vulnerability","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/security-management-cve-2021-36260-patch-this-hikvision-vulnerability\/","title":{"rendered":"Security Management: CVE-2021-36260, Patch this Hikvision Vulnerability."},"content":{"rendered":"
More than 3.2 million Hikvision security camera systems remain vulnerable to a critical vulnerability, CVE-2021-36260, which allows hackers to take control of devices remotely, without any user interaction.<\/strong><\/p>\n The video surveillance giant Hikvision disclosed a zero-click vulnerability tracked as CVE-2021-36260, which has existed since at least 2016, according to researchers. Affected Hikvision camera models can be hijacked remotely without a username or password.<\/p>\n <\/p>\n This critical vulnerability carries a CVSS v3 score of 9.8. It lets an attacker bypass the device\u2019s restricted \u201cprotected shell\u201d, which normally limits even the owner to a narrow set of commands, and run arbitrary commands on the device as root. Therefore, Securin experts urge users to address this severe vulnerability as a high priority before malicious actors launch attacks against organizations.<\/p>\n <\/p>\n {Updated on Aug 23, 2022}:<\/strong> Despite a patch being made available in September 2021, CVE-2021-36260 has been trending heavily since October 2021. With exploit code publicly available, CISA added it to its Known Exploited Vulnerabilities (KEV) catalog in January 2022. According to a recent report, over 80,000 instances of Hikvision cameras with the vulnerability are ripe for exploitation<\/a> even today, prompting us to ask the following question:<\/p>\n Why are enterprises not prioritizing this dangerous vulnerability?<\/strong><\/p>\n \u201cHackers can exploit the Hikvision vulnerability to gain complete control over camera footage. Further, they can obtain credentials of users of the compromised cameras and use them to penetrate deeper into connected networks.\u201d<\/p>\n Pentester\u2019s Perspective<\/p><\/blockquote>\n {Updated on Dec 10, 2021}:<\/strong> A Mirai-based botnet known as \u2018Moobot\u2019 is growing rapidly by exploiting a serious command injection issue in the web server of several Hikvision devices. 
According to Fortinet, \u2018Moobot\u2019 is using CVE-2021-36260 to infect unpatched devices and steal sensitive data from victims.<\/p>\n We recommend that users fix this serious vulnerability before criminal threat actors initiate attacks against organizations.<\/p>\n <\/p>\n CVE-2021-36260<\/strong><\/p>\n CVE-2021-36260 is a remotely exploitable, unauthenticated command injection vulnerability in the web server of some Internet of Things (IoT) cameras produced by the Chinese vendor Hikvision.<\/p>\n<\/li>\n Researchers pointed out<\/a> that the attacker only needs network access to the HTTP(S) server port (usually 80 or 443), which makes the flaw simple to exploit.<\/p>\n<\/li>\n<\/ul>\n <\/p>\n A Critical Vulnerability, Why?<\/strong><\/p>\n CISA issued an alert<\/a> urging users to patch this critical vulnerability.<\/p>\n<\/li>\n Classified under CWE-20 (Improper Input Validation) in the Common Weakness Enumeration, with a CVSS v3 score of 9.8.<\/p>\n<\/li>\n CWE-20 holds fourth place in MITRE\u2019s 2021 CWE Top 25 Most Dangerous Software Weaknesses<\/a>.<\/p>\n<\/li>\nRecent Updates:<\/h2>\n
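The weakness class described above (a web parameter reaching an OS command without input validation, CWE-20 leading to OS command injection) is easiest to see side by side with its fix. The following is an added example written for this page, not Hikvision's firmware or any exploit for CVE-2021-36260: the handler, the `lang` parameter and the `echo` command are hypothetical stand-ins, and the injection payload is constructed. It contrasts a handler that builds a shell string from the parameter with one that allow-lists the value and passes it as a discrete argv element so no shell ever parses it.

```python
import re
import subprocess

# Constructed illustration of unauthenticated OS command injection through a
# web parameter in an embedded web server. Hypothetical handler, parameter name
# and command; not Hikvision's code and not the CVE-2021-36260 exploit.


def vulnerable_handler(lang: str) -> str:
    """Hypothetical firmware handler: concatenates the untrusted 'lang'
    parameter into a shell command string without validation (CWE-20), so
    shell metacharacters in the value become extra commands (CWE-78)."""
    cmd = f"echo loading language pack {lang}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


# Allow-list: two lowercase letters, optionally "-" and a two-letter region.
LANG_RE = re.compile(r"[a-z]{2}(?:-[A-Z]{2})?")


def validate_lang(lang: str) -> str:
    """Reject anything outside the allow-list instead of trying to strip
    dangerous characters (deny-lists miss $(...), backticks, newlines, ...)."""
    if not isinstance(lang, str) or LANG_RE.fullmatch(lang) is None:
        raise ValueError(f"rejected language parameter: {lang!r}")
    return lang


def hardened_handler(lang: str) -> str:
    """Validate first, then invoke the program with an argv list and
    shell=False so the value is only ever one argument, never shell syntax."""
    lang = validate_lang(lang)
    proc = subprocess.run(
        ["echo", "loading", "language", "pack", lang],
        shell=False, capture_output=True, text=True,
    )
    return proc.stdout


def demo() -> dict:
    """Run both handlers on a benign value and on a constructed payload that
    smuggles a second command after ';'."""
    benign = "en-US"
    payload = "en; echo INJECTED"  # constructed payload, harmless on purpose
    results = {
        "vulnerable_benign": vulnerable_handler(benign),
        "vulnerable_payload": vulnerable_handler(payload),
        "hardened_benign": hardened_handler(benign),
    }
    try:
        hardened_handler(payload)
        results["hardened_payload"] = "EXECUTED"
    except ValueError:
        results["hardened_payload"] = "REJECTED"
    return results


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}: {out.strip()!r}")
```

The vulnerable handler prints the smuggled `INJECTED` line, which is the behaviour an unauthenticated attacker on port 80 or 443 gets to abuse; the hardened handler never reaches the command at all for that input. In a real device the equivalent fix is the vendor's firmware update, which is why patching remains the primary remediation.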
\n
CVE Findings<\/strong><\/h2>\n
\n
\n