Hikvision, HWG Deceive FCC About New Critical Vulnerability [Update: Hikvision Issues Correction]

By Charles Rollet, Published Sep 23, 2021, 09:53am EDT (Info+)

Hikvision and its law firm, HWG, deceived the FCC in a lengthy submission filed on September 20th about Hikvision's critical new vulnerability impacting 100+ million devices.

IPVM Image

Despite days earlier admitting this critical vulnerability, Hikvision asserted to the FCC that "no vulnerability in Hikvision video surveillance equipment to date in 2021" by citing the Common Vulnerabilities List (CVE).

***********, ********* *** *** *** **** of ****** *** **** ***** ** this *** ******** ************* **** ******* it ** * ******** ** *** filing.

**** ******** ********* *** *** ****** herein:

IPVM Image

Hikvision ****** ** ***** **** ****

** ********* **, ****, ** *** firm****** ********* & *******, ******* *** *********, ***** ****** ** *** ***************** *** *** ***** *********/*****/******/******/*** **************.

*** ****** ******* *********** ***** ** Hikvision's ************* ******, ******** **** ********* "reports ** *************** [...] ** **** in ****" ** ****** ****, *** ******** ******** *** ******** vulnerabilities:

IPVM Image

"Stellar" *************

*** '** ***' ***** ********* *********'* argument **** *** ************* ** "*******" with "** ******** **********" **** *** equipment "** **** **********" **** ******:

IPVM Image

Hikvision ******** *** ** ****

*******, ****** **** **** **** * ********* entry*** *** ******** ************* ***** ***** that *********, ** **** ********* ********* (***),******** *** ************* ** **** **:

IPVM Image

*********, ****** ********, *** *************'* ****** **** ********* confirmed *********** *** ************* ****** ****, on **** **.

***** *** ***** ***********, ******** '"** vulnerabilities ** ********* ***** ************ ********* to **** ** ****' ** *****, since ********* *** ******* ******** * CVE ***** *** **** ***** *** vulnerability ****** **********.

Buried ** *** ******

******, *** ******* **** ***** **** vulnerability ******* **** ******** ** ** the *** ********** *** ****** ** as * ******** ** * ******** about *** **** ********:

*** *******, ** ***** **** * security ********** ***** *** ******** * vulnerability—six **** *****, ********* ******** * firmware *****, ******** *** ******** ******* a ******* ********, *** ******** *** public **** * ****** ** *** website.20

******** **, ** **** *****:

IPVM Image

******* ****, *** *** ********* ****** to ****, *** ******* ******* *** FCC **** ** ******** ** *************** to **** ** ****.

Updates *** ** ********* ****

*******, * **** ***** ******, **+ days ***** ******** *** ***, *** 3 ** * **** ***** ******** announcing *** *************,********* ******* *** *** ** ******** **** ** *** ************.

No ******** *** *** ****

** ********* ********* ** **** ** HWG *** *** **** ****** ** the ********* **********,**** ********, ****** ***** ** ***** ** the ***, ** ******* *** **** submitted *** ****** ** **** *** whether **** ***** ****** ** ******* the **********. ** ******** *** ********.

Update: ********* ******** **********

*********'* ******* *** ******** * ********** to *** ***, *******:

*** ******** ******** ******* ** ***** which *** *** ****** ** * conforming ****** ***** ************* *******. ********* submits **** ******* ** ******* **** the ********** ********** *** ******** ******** for *** ******* ***** ** ********* 20.

**** ****** *** ***** ********* **, 2021. ** *:** ** **** *******, IPVM ******* ********* *** *** ***** this *****:

IPVM Image

******** **** ******** ** ********, *** updated *** *** *******. *******, *** new ********* ******** ********* ********:

*** *** *********** **** ******* ** those ******* *************** ** ******** *** has *** *** ************* *** **** vulnerability ** ** *** **** ** this ******.

***** *** *** *** *** *** categorized *** *************, ********* ***, ****** it * **** **** ***** ** 9.8, ***** ** ********. **** ** material *********** **** **** **** ******* from *** **********. ** **** ******* out ** *** ** *** **** about **** *** **** ****** ** they *******.

Update: '** ********' **** *********

***** ********* *** *** ********* ** the ******** ** ****. ** ** 12:16 ** **, **** ******** * reply **** ********* ********* ** ** Global ************** **** *:** ** **:

IPVM Image

**** **** ****** **** *** ***** from ***.

Comments (14)

John Honovich

IPVM | 09/23/21 01:51pm

*******, **** *********!

********* ******* *** * ***** ******* with *** ** ********** (** **** they ***** *** ** ******* ** security **** ***** **** *** ****).

** ********* ****** **** **** ******* trust **** *** ** ********** ** pulling * ***** ***** **** ****. Honestly, ****'* *** **** **** **** approach? ** **** ***** *** *** is ******? *** *** ****** ***** what ** ********* **** *** **** known **** ** ********* *** *** law ****? ******'* ********* ***** **** trust ** ***** *******?

*** ***** ** * *** ** claims ***********'* **-**** ****** ** *** ** FCC*** ** **** ******* **** **** most ******** *** ****** **** **** week's ****.

Agree: 1
Disagree
Informative: 3
Unhelpful: 1
Funny

Undisclosed Integrator #3

In reply to John Honovich | 09/25/21 06:33am

** **** ***** *** *** ** stupid?

****, **** *** * ********** ******...

Agree
Disagree
Informative
Unhelpful
Funny

Andrew Myers

09/23/21 03:31pm

**'* ****** ******* **** ********* ** playing ***** ****, *** ** **** a ****** ******* ************:

**** *************** *** *** ******, ******

The ****** ** **** **** That is not what the CVE system was designed to do. I'll quote ********'* ********* ******** ******** ***** ********:

*** **** **** ****** ************ ** ** ****** ****** *********** for ******** ***************. **'* *** ******** to ** * ******** *** ******** database ** *** ***** *************** ** any *******. **** **, * ****** or ********** ***** ****** ****** ** not ******* * *** ****** *** a ***** ****. *******, **************** ************** **** ***** * ****** ** or***'* *********** ***** ******, ****** * ****** "bug *****" * ****** *********** ******** criterion. ****, *** * ******* ***'* have ** **** ******** ******* ** compare ********* **********. (*** **** *** bugs ***** * ****** **** *********...?)

**** ****, **** ** ****** **** you ** **** ***** **** **** of *************** **** **** ***** ** a ******* *** ****'** * **** starting ***** *** ********. *** *** amount ******** ******* ** *** *** of *** ******** *** *** **** attention ** ******** ******* ******** ********. You ***'* ****** ****** ** * lot ** *** *********** ***** **** the ******** ** ****** ******* ** if ** ******** ***** **** **'* particularly ****** ******* ********* * *** of *************** *** ******* *****. * personally **** ** **** ** ********** if ** ***** ******* *** * very ***** ****** ** ******* *************** because ***************** ** ****'* **** ******* **********.

**** ********* ***** * **** ** CVEs, **** *** ************ * ****** method ** ******** ********. *** *** flaws *** **** **** ******* **** you *** *** **** ** ** for **** ** **** *** ******.

*** ****** *** *** ****** ** evaluate ******, ******** ******** ******* *** other *****:

  • *** ******** ** **** *** ********* actively.
  • *** ****** ********** ****** ** ****** for *************** (*** ***** **** ****** bounties).
  • *** ******** **** *** ********* *** patched *******.
Agree: 4
Disagree
Informative: 5
Unhelpful
Funny

Undisclosed #1

In reply to Andrew Myers | 09/23/21 03:50pm

**** *** ************ * ****** ******

****, ****** "************ ****** *******" *** pretty **** **** *********'* **** ********. Deny ***************, ******* ****** ***** *** company *********, *** ** **** ***** criticisms ** ****** ******, ***.

Agree: 5
Disagree: 1
Informative
Unhelpful
Funny: 1

bashis mcw

In reply to Undisclosed #1 | 09/23/21 07:14pm

****, ********* *** *** *** **** ones *** ***** ****.

Agree: 3
Disagree
Informative
Unhelpful
Funny

John Honovich

IPVM | In reply to Andrew Myers | 09/23/21 04:06pm

*****, **** ** ********** ********* ***** that ** **** ***************, ***** **** is *** ****** **** ***** ********** on.

****, ****** ******'* ***** ** **** point: "* ****** ** ********** ***** simply ****** ** *** ******* * CVE ****** *** * ***** ****"

Agree: 1
Disagree
Informative
Unhelpful
Funny

Undisclosed Integrator #3

In reply to Andrew Myers | 09/25/21 06:29am

* ********** **** ** **** ** suspicious ** ** ***** ******* *** a **** ***** ****** ** ******* vulnerabilities ******* ***************** ** ****'* **** ******* **********.

**, ***** *** ******* ** ****** was ****** ** **** ****.

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed Integrator #3

In reply to Andrew Myers | 09/25/21 06:32am

**** ********* ***** * **** ** CVEs, **** *** ************ * ****** method ** ******** ********.

**********. *** *** ************ ***********. ***** even **** ********

Agree
Disagree
Informative
Unhelpful
Funny

John Honovich

IPVM | 09/24/21 04:07pm

Update: ********* ******** **********

*********'* ******* *** ******** * ********** to *** ***, *******:

*** ******** ******** ******* ** ***** which *** *** ****** ** * conforming ****** ***** ************* *******. ********* submits **** ******* ** ******* **** the ********** ********** *** ******** ******** for *** ******* ***** ** ********* 20.

**** ****** *** ***** ********* **, 2021. ** *:** ** **** *******, IPVM ******* ********* *** *** ***** this *****:

IPVM Image

******** **** ******** ** ********, *** updated *** *** *******. *******, *** new ********* ******** ********* ********:

*** *** *********** **** ******* ** those ******* *************** ** ******** *** has *** *** ************* *** **** vulnerability ** ** *** **** ** this ******.

***** *** *** *** *** *** categorized *** *************, ********* ***, ****** it * **** **** ***** ** 9.8, ***** ** ********. **** ** material *********** **** **** **** ******* from *** **********. ** **** ******* out ** *** ** *** **** about **** *** **** ****** ** they *******.

Agree
Disagree
Informative
Unhelpful
Funny: 2

Undisclosed #2

IPVMU Certified | In reply to John Honovich | 09/24/21 06:34pm

*** *** *********** **** ******* ** those ******* ** ********.

”**** *******” ** **** “**** ****” - *** ** *** ******* *** the *** *****.

Agree
Disagree: 1
Informative
Unhelpful: 1
Funny: 1

Undisclosed Integrator #3

In reply to Undisclosed #2 | 09/25/21 06:38am

”**** *******” ** **** “**** ****” - *** ** *** ******* *** the *** *****.

IPVM Image***·**·**

/ˈ***(ə)*ə*/**********, *********** **** *** *** *** ****."*** ****** ** ******* *****"********: ****, * ****** **, * few, *** **** ****, * ******* of, * ***** ***** **, *******, a ******* **, ********, ******, *******, divers

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed #2

IPVMU Certified | In reply to Undisclosed Integrator #3 | 09/25/21 04:45pm

**** ******* ** ***** ******** **** sense.

Agree
Disagree
Informative
Unhelpful
Funny: 1

Undisclosed Integrator #3

In reply to Undisclosed #2 | 09/25/21 05:10pm

**** ******* ** ***** ******** **** sense.

**, ***'* ****; ** ******* **** the **** ********** **** * **** so ** **** ** * ********* definition *** ********

Agree
Disagree
Informative
Unhelpful
Funny
Avatar

Carl Stoffers

IPVMU Certified | 09/24/21 05:54pm

Update: '** ********' **** *********

***** ********* *** *** ********* ** the ******** ** ****. ** ** 12:16 ** **, **** ******** * reply **** ********* ********* ** ** Global ************** **** *:** ** **:

IPVM Image

**** **** ****** **** *** ***** from ***.

Agree
Disagree
Informative
Unhelpful
Funny: 2
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports