The same day that the US government passed a prohibition on Hikvision cameras, Hikvision disclosed a critical vulnerability for its IP cameras.
However, while the US government is concerned about the PRC using Chinese government-owned Hikvision for cyberattacks, this vulnerability is clearly not related to the Chinese government.
On the other hand, it is a critical vulnerability and the potential for damage is high. With Hikvision's continued recommendation to port forward and its mass OEMing, this means a vast number of products, both Hikvision branded and via OEMs such as Interlogix, LTS, Anixer/Northern, Panasonic/Advidia, etc. will be impacted.
In this note, we review the vulnerability disclosure and the potential impact.