Problems Fixing Critically Vulnerable Hikvision Devices

Published Sep 21, 2021 14:39 PM

IPVM has been investigating means to upgrade and fix vulnerable Hikvision devices and has discovered a number of problems in doing so.


In this note, we look at these issues, including unclear firmware availability, broken firmware update checks, possible undisclosed affected models, and weak notifications by Hikvision, and how they put users at further risk.

Models ******** *** *********

***** *********'* **** ** ******** ****** is **** *** ****** **** ******* of *******, ** *** *** ** complete.************* ********** ****** ********* ** ******** ** *** ********* *** ************* on ** ***** *** ***** *** listed ** *********'* **********.

****** *** ****** ***** ****** ***. I *** **** ****** ** ** own ******, ***** *********** ** ******* different ******** *** *******.

** ******** ****** *** ****** **********, it **** ** * *********** *******, as ********* *** *** ******** ******* 2021 ******** *** **** ****** ***** are **** * *** ***** ***, as*** ********* ******* ***.

** ***** ********* ** ***** ****** were ******** *** *** **** ***** handle ************ ******, *** **** **** not *** *******.

Security ******* **** ** ****

********* *** **** ***** ***** *** vulnerability ** ***** *** ******** *** social *****.

**** ** *********'* ******** ***** **** news ********* *** ************* ** ***** front *****, *.*.,********* ******,**,**,******, ***. *******, ***** **** ** navigate ** ******* > ************* ****** > ******** ******* ** ***** ** find *******, ****** *** *********** ******* to **** *****.

********* ** ****** *** ****** ** Twitter***********, *** **** ** ***** ********** of *** ******** ** ************ ** users ** ******.


***** ******* (*.*.,********* ******/********) *** *** ******* ** ** all.

Hikvision ***** ****** ******* ** ******* ******

***** *********'* ***** ************* *******, ***** allows ***** ** ***** *** *** firmware *** ******* ****** ******** ** bulk, *** ***** ****** ******* **** no *** ******** ******* *********:


**** ** * *********** ****, ** this ** *********'* *** ****** *** systematically ******** *** ******** ******** ** larger ******* ** *******. ***** ****** reporting ** ******* ****** ***** ***** many ***** **** * ***** ***** of ******** **** ***** ******* *** up-to-date *** *** **********.

** ***** ********* *** ******** ** why ***** ****** ***** ****** ******** is ** ** ****, *** **** have *** *********.

No *** ******** ***** ** **

******* ***** ******** ****** *********** ***** to ******** *** ******** ** "***** against **** ********* *************", ********* ***'* support **** ***** ** *** ******** available *** ******** ******* ******** ******:


****** **** ******** *********, *** **** vulnerable ******** (***** ** **** **, 2021, ********* ** *** ******** ******):


Other ******* ******** ********* / ******** ****** *********

*******, ***** *** ** **** ***** no *** ******** *********,*********'* "******" ********* *** ******** ********* *** *** same ******:


**** **** ** ********** ** ** email ** ** ********, ** ****:


*******, ********* *** ************ ******* ******* installing ***-**-****** ******** ** *******, *** IPVM *** **** ******* ******* ***** so, ** **** ***** *** ** confused ** **** ********. ******, ***** US ******* ***** ***** **** ****** on *** ******** ********* ****:


** ***** ********* *** ******* ** why *** ** **** **** *** list ******** *** ******* ***-**-****** ******** is * *******, *** **** **** not *********.

No ******** **** *********

** **** ***** ********* *** ******** on ***** ******, *** **** *** responded ** *** ******** *** *******. We **** ****** **** **** **/**** they ** **.

Hikvision ***** ******

******* ** ******* ***** ******** *** make ******* ******** ********* *** * exploit ** **** ********* ** * massive ******* *** *********, ******* **** numbers ** ******* ********** ** ******. This ** ********** ********** ** ***** researchers **** *** **** **** ********* ******** *** ******* *************, ******* **** ***** ******* ********* those **** ********* ****** *** ****** to ** **, ** ****.

Comments (22)
UE
Undisclosed End User #1
Sep 21, 2021

******** ** **** *****, ****** ******** aside, *** **** ***** ** ** too **** ******* ** ******* *****. When ****'** ***** ***** ** ***** like **** *** * *****, *** the ******** ** ** ********* *** un-coordinated ** **** **'* **** *************, and ****'* ****** ******* ***** *** quiet ****'** ***** ***** ** ***** this *******.

* ******* *'* **** **** *'* not ******* ****** ******** *** ******* this **** ;)

JH
John Honovich
Sep 21, 2021
IPVM

* ******* *'* **** **** *'* not ******* ****** ******** *** ******* this **** ;)

******* *** **** *** *******, ****** / *** ******.....

UD
Undisclosed Distributor #2
Sep 21, 2021
bm
bashis mcw
Sep 22, 2021

******, ***** ****** ,)

UM
Undisclosed Manufacturer #3
Sep 21, 2021

*** * ********** ********, ******* **** sounds **** *** *** *** ********* plans *** ***** *** **** *** being ***** ** **** *** ** their **** ******* ****** **** **** truly ***'* **** *****.

UI
Undisclosed Integrator #8
Sep 22, 2021

******** *** *********** ********** **** ******** suggest **** ** ** *** * deliberate ********.

UE
Undisclosed End User #4
Sep 21, 2021

** *** ****, **** ****

*** **** *** *** ******* *** Interlogix ******* *** * *****'* **** a ******** ****** *** **** ** over * ****. * ** **** they *** **********.

**** **** ** **** ****** ******* cameras ** ********* ****** ** ******* so *** ***** ******* *** ** isolated ******** **** *** **** ** reached *** ******* *** ****** ** if *** *** ** *** *******.

*****'* ********* *** **** *** ** does ******* **** *** ******** ** onsite ********** ** *** ****** *** directly ** **** *********** *** *********** and *** ** * ********** ****.

UD
Undisclosed Distributor #5
Sep 21, 2021

*** *** ******* *** ********** *******

** * *********** * ****** ******* that *** ****** / ***** *********** should ** ******* ******. ** ***** it ****** ********** *** *** ***** when ********** **** **** *****.

UE
Undisclosed End User #4
Sep 22, 2021

********** ****. * *** *** ****** aware ** ********** ****** *** ***** after **** ** *** ******* **** purchased. **** ******** *** ****. ********** did *** **** **** **** ************ by *** **** ***** *** **** did *** ********* **** *********** ******. And *** **** *** **** **** US. * ***** * **** **** Europe ** ********* ** *** ***** firmware *******.

UI
Undisclosed Integrator #6
Sep 21, 2021

"**** *** **** ************* ***** ** upgrade *** ************* ********* ******* *** *** ********** * ****** of ******** ** ***** **."

* *** ***** *** ********** **** didn't **** ****** ***** ********* **** anyways ( ******, ******, *******, ***** rights ****** *** ***). *** ** it **'** ** ******* ***** *** we *** ** *** *** *** their ***************? ******'* *** ****** **** lobby *** ******* *** *********** **** another "********" *****?

UD
Undisclosed Distributor #5
Sep 22, 2021

*** ************ *** ***** * **** anal ****** ***** ******** ****** ****** should ** ******* ** ****** / replace ********* & ******* ** ***** opportunity.

**** **** **** *** ***** ** not **** *** ****** ** ******** fix *** ***** ** *** **** do **** *** *** **** *** gear **** ** ** ****.

* **** **** ****** **** ** definitely *** *** ***** ***** ******** within *** ******** ******* **** **** pursue *** *******. * ********** **** that **** ** * ***** **** a **** *** ********* *** ******* wants & ***** ** ***** ***********. In **** **** **** ** ***** what *** ** *** ** & ASIAL ** ********* ****** ** *****, but ****'*.

UI
Undisclosed Integrator #6
Sep 22, 2021

"**** **** **** *** ***** ** not **** *** ****** ** ******** fix *** ***** ** *** **** do **** *** *** **** *** gear **** ** ** ****"

**** **** **. ***** *** ***** lower ***, **** *******-**** ****** ********* available **** **** *** *** ******. Hik *** ***** ******** **** **** deemed ** *** **** ** **** potentially ********** *** ***** ******* *** make ***** ********** **** ****** *** are * ******** ******** ****** ***** the *** ******* ** *** ********** not ****** *** ***** *******. ** away **** *** ********* *********, **** the ********* *** ***, ****** **** taking * **** ***** *** *****. IPVM ******** *** *** *** ** daily, *** ** *** ** ***** resources ****** ** "***" *** **** equipment? **** *** *** ******* *** of ***** ** *** ***** ** speak ****. **** **** ****. **** over.

UE
Undisclosed End User #4
Sep 22, 2021

* **** ** ***** ** ** because **** ********** **** **** ** installed **** ****** ** ****** *** replaced ********. *** ********* ******** ** 2 ***** **** * **** ******* of $*.** **** *** *** *******.

UI
Undisclosed Integrator #6
Sep 22, 2021

"* **** ** ***** ** ** because **** ********** **** **** ** installed **** ****** ** ****** *** replaced ********. *** ********* ******** ** 2 ***** **** * **** ******* of $*.** **** *** *** *******."

* ****** **** *** **** ***** be ** $*.** ***** ** *********, potentially ******** ******* (**** **** **-****** "fixed" ********) ******* **** **** ***** mfg, ********* **** ********* ******* **** company *** **'* **********. * ******* a ****** **** ******* **** $*.**. Here's ** ****** **** *-**** ******* plan ***** *** *** **** *******. But ** *** **** **** ** said ***** ****** . **** *** your ******* ***** *** *** **** 2 ***** **** *** ********* ***** the **** ******?

UE
Undisclosed End User #4
Sep 22, 2021

**** ********* *** *********** **** *** a ******* ******* ** ********* ******* the ********** ** ** ***** **** as *** ******** * ****** *** by ********* ***** ******* ** ********** private *******. ******** ***** ******* ***** be ****** ***** ********** *** ******* from ** **** ******* ***** ***** impact *** ******* *** ******** ********** devices ** *** ******* *******. ** the ****** ** **** * ******* launched ******* ***** ** ******* *** certainly ***** *** ** **** ** a ****** ***** *** *******.

UI
Undisclosed Integrator #8
Sep 22, 2021

******: ******* ******* **** ********* ** opinion? *** *** ******** * **** line ** *** ***** ** *******…

UE
Undisclosed End User #4
Sep 22, 2021

*** *** *** ******* ** **?

UI
Undisclosed Integrator #6
Sep 23, 2021

"*** *** *** ******* ** **?"

*'* ******** **, *** ** *********, neither ** ** ** "*******" ****** to "******" **** ** ******* ** "written" **** (*****), ** ** *** memory ******. * ***** **** ***** be *************** (*********** ******** *** ****) nowadays ***** ** **** **** ** words *** *********** (*'* ****** ** it ******). ** *******; ********* ** I *******.

***- ******** ** **** ********** ****** network; ** *** *******/***(*) **** "***" way ** ******** ******** ******* ** the ******** (*.*. *** ******* ** other **************)? ** **, **** *** not ****** **** ********* **** ** if *** ** **** ****** *** is ******** **** *******, ********** ** using ********* ***/*******...

U
Undisclosed #9
Sep 23, 2021
IPVMU Certified

"*** *** *** ******* ** **?"

***, ***-***, *** *** ********* ****** in *** ******* ******* ** ***** quotation *****:


*. **’* *******

*. **’* *******

*. ** ****** *** ** **** a *** ***** ** * ***** before ******** ******** “**’* **** ***”.

UI
Undisclosed Integrator #6
Sep 24, 2021

"*** *** *** ******* ** **?"

"***, ***-***, *** *** ********* ****** in *** ******* ******* ** ***** quotation *****:

*. **’* *******

*. **’* *******

*. ** ****** *** ** **** a *** ***** ** * ***** before ******** ******** “**’* **** ***”."

****** *** *** ***

UI
Undisclosed Integrator #7
Sep 22, 2021

JH
John Honovich
Sep 22, 2021
IPVM

***** ** **** ******? :)

*******:*****’* ************* *********
