Hikvision Access Control Vulnerabilities Analyzed
Hikvision has disclosed 2 vulnerabilities in its access control / intercom products.
*********'* ******************-****-***** (**** ******)******-****-***** (**** ******). **** ** *** ********* ********** them:
**** ** *********'* ****** *******/******** ******** have *** ********* ******** ***************:
(*) **** ****** ******* ******** *** vulnerable ** * ******* ********* ****** because *** ******* **** *** ****** the ******* ** ***** * **** successfully **** **. ** ******* *** vulnerability, ********* **** ** ******* *** session ** ** *** **** **** as * ***** **** **** **, and **** ****** ********* *********** ** forging *** ** *** ******* ** of ** ************* ****.
(*) **** ****** *******/******** ******** **** unauthorized ************ ** ****** ******* ************* vulnerabilities. ********* *** ****** ****** ******* configuration ** ******* ******** **** ******* to *** ********** ********* ****** *** same ***** *******.
******** ******* *** ********* ****** **** factor ******/************** ****** ** *** ************* ** *** ******* *** ** cameras ** *********.
**** ******** **** *** **** *** see ********* ***** **** ****** ** them. ** *** ******** *******, ** provide ********** *** ******** ** *** these ****, **** ***** **** ****, and **** *********** ***** ** ******* them.
***-****-*****
*** *****-**** ******** **** **** ************* is ****** **** *** ****** *** practically, **** ***** ** ********* ** accomplish.
*** ************ *** ********** **** *** criteria:
- ********* **** ** ******* *** ******* ID ** *** **** **** ** a ***** **** **** **
- ******* *** ** *** ******* ** of ** ************* ****
* ********* ******** ****** ** * MiTM ******, ** ** ****** *** another *** **** ** ******** ***** know ******* **** * **** **** in, *** *** ******* ** ** the ************* ****.
******** (** ***** ** *** **** years) ******* ******** *** ** ******* of *** ************* ****, ***** *** reason *** ******* *** ** *******, and *** ******* ** ** *** authenticated **** **** ********** * *** session **.
***** ** ****, ** ***** ** has * *** *********** ** ************.
***-****-*****
*** *****-**** ******** ** **** ***** be * ****** ** ******* ******.
***** *** ** ******* ************ *** exploiting. ***** *** ****** ** * modification ** *** ****** ******* *************, we ***** ****** *** ******* ***** be ****** * *** ****** **** to * *********/********* *******.
*******, ***** ***** ** * *********** for ***** *** ****** ** ******* instead ** *** *********/********* *******, *** if **** ***** ** *** **** it ***** ****** *** ****** ******* from "***** *******" ** "***** *** remote *******". ** ******** ***** **** perform * ****** *** ****** ** sending * *** ***** ******* ************* to *** ******.
***, *** *** **** **** ** likely *** ***** **** **** **** forwarding, ** ** ***** ** *** a *** *********** ** ***** ********* from *** ********.