© 2023 CyberNews - Latest tech news,
product reviews, and analyses.


Critical Hikvision bug allowed remote CCTV hacking


A critical vulnerability in Hikvision wireless bridge products could let threat actors take full admin control of an affected device.

The bug, tracked as CVE-2022-28173, affected the Chinese video surveillance giant’s devices designed for surveillance systems. An advisory Hikvision published to address the flaw describes the issue as an access control vulnerability.

“The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices,” the company said.

In August, the flaw was uncovered by the cybersecurity company Redinent Innovations. Hikvision released patches to mitigate the issue on December 16. Researchers claim that the vulnerability existed due to improper parameter handling by the bridge’s web management interface.

“An attacker can exploit the vulnerability by sending crafted messages to the affected devices. Attacker needs to create a single web request with a crafted payload of no more than 200 bytes to exploit the vulnerability and get administrative access to the web management interface,” Redinent’s team said in a blog.

Spying on the Big Brother

The Cybernews research team has recently discovered that IP cameras, a source for surveillance, may often serve as the means to spy on camera owners themselves.

After looking at 28 of the most popular manufacturers, our research team found 3.5 million IP cameras exposed to the internet, signifying an eightfold increase since April 2021. The research showed that the vast majority of the exposed cameras, 3.37 million, were made by none other than Hikvision.

[Figure: IP camera brands]

Most internet-facing Hikvision devices were in the US, with our team counting almost 425k US-based IP cameras. Vietnam, home to 376k exposed IP cameras, was second, with the United Kingdom (249k), Mexico (164k), and South Korea (152k) ranking behind.

According to our researchers, Hikvision has the necessary security practice in place, as it forces users to create their own unique passwords during the initial setup process.

Nevertheless, the global popularity of Hikvision cameras has raised some eyebrows, and, as is typical with China-manufactured technology, Hikvision and other companies are facing a backlash from Western governments.
