If an update is available for your devlice, you should install it as soon as possible.īe aware that many Hikvision cameras sold online as "Multilanguage" or "English, not upgradeable" are in fact modified Chinese-language (domestic market) cameras.
Hikvision released firmware updates for many camera models where backdoor code is removed. Keep in mind that many Hikvision IP cameras come with UPNP enabled by default and can expose themselves to the Internet automatically.
#HIKVISION ONVIF UPGRADE#
Because the vulnerability is trivial to exploit, it is recommended that you immediately upgrade or disconnect all Hikvision products from the Internet or untrusted networks, or at least implement network access control rules that only allow trusted IP addresses to initiate connections to vulnerable devices. In addition to gaining full administrative access, the vulnerability can be used to retrieve plain-text passwords for all configured users.
Hundreds of thousands of vulnerable devices are still exposed to the Internet at the time of publishing. In addition to Hikvision-branded devices, it affects many white-labeled camera products sold under a variety of brand names. The vulnerability has been present in Hikvision products since at least 2014. Many Hikvision IP cameras contain a backdoor that allows unauthenticated impersonation of any configured user account. Change Mirror Download Access control bypass in Hikvision IP Cameras
0 kommentar(er)
