Hikvision IP Camera Critical Vulnerability 2018 Disclosed

Author: IPVM Team, Published on Aug 16, 2018

The same day that the US government passed a prohibition on Hikvision cameras, Hikvision disclosed a critical vulnerability for its IP cameras.

However, while the US government is concerned about the PRC using Chinese government-owned Hikvision for cyberattacks, this vulnerability is clearly not related to the Chinese government.

On the other hand, it is a critical vulnerability and the potential for damage is high. With Hikvision's continued recommendation to port forward and its mass OEMing, this means a vast number of products, both Hikvision branded and via OEMs such as Interlogix, LTS, Anixer/Northern, Panasonic/Advidia, etc. will be impacted.

In this note, we review the vulnerability disclosure and the potential impact.

*** **** *** **** ***** ********** ****** * *********** ** ********* *******, ********* ********* * ******** ************* *** *** ** *******.

*******, ***** *** ** ********** ** ********* ***** *** *** using ******* **********-***** ********* *** ************, **** ************* ** ******* not ******* ** *** ******* **********.

** *** ***** ****, ** ** * ******** ************* *** the ********* *** ****** ** ****. **** *********'* *********************** ** **** ************* **** ******, **** ***** * **** ****** ** ********, **** ********* branded ****** **** **** ** **********, ***, ******/********, *********/*******, ***.**** ** ********.

** **** ****, ** ****** *** ************* ********** *** *** potential ******.

[***************]

Vulnerability ********

*** ************* *** ********** ** ******* ***********, *** ** ******* * ******* ** **** *** ******* IoT ************ ************* (*** **** **** *******).

********* -********* ******** ******** ****** ** **** *************,****'* ******** **** ** *********'* *****************-****-**** ******. ** ********* ********* *** *************:

* ****** ******** ************* ** *** *** ****** ** **** Hikvision ** ******* ****** ** ******** ** **** * ********* crafted ******* ** ******** *******. *** ** *** ************ ***** validation, * ********** ******* *** ******* ****** *** **** **arbitrary **** ********* ** ***** *** *******. [Emphasis Added]

*** **** ****** ** **** ********** ** ***** ** ******. Exploiting *** ************* ****** ******* ** ****** **** **** *** device ** ***** *** ******.

*** **** **** ***** ** * ******** *.* / **.*.

Models ******** *** ***

**** ** ****** ****** *** ******** *** **** *** ***, according ** *********.

********** / ******** ****** (**** *********'* ******):

  • *********** ****** (**-*******, ********** ****** “***** **** *.***”)
  • ***** **** (**-**********)
  • ***** ****** *********** ***** ****/****** (**-*******)
  • ***** *** ***** ****** **** (**-****/*/*/* *** **-****/*/*/*)

*** ********** / *** ******** ****** *******:

***** ***** ****** ****** (****** ***** **** ***, **-********), *** smart ****** ****** (**-*******), ******* (**-*******), ********** (**-*******), ****** (**-****/***/******), thermal (**-******)

****: ********* *** *** ****** * **** ** *** ********** devices. ** **** ******* **** **** ** **** ******* *** users. ** *** **** ** ********** ** **********, *** ** know ** *** ******** *** ** **** ******.

No ********* ******* *** / ****** ** ****

********* ******* ** *** ** ******* **** **** ** ******** later **** ****.** **** *********:

********* ******* ** *** ********* ************* **** ** ********* **** the ** **** *** *********, ******** ****** **** *** ********.

**** ********* ***** ******* **** *** ******** *** ***** *********'* fractured ******* *** ******** ****, ****, ** *** **** ******* will *** ** ******** ** ****. **** *** ********* ******* are ********, *** **** ******* ******* ****** ********* ** *** various ********* *** *** ** ******* **** **** *** **** patched.

Positive *** ********* - ***** ************

********* ****** ** ********* *** ********** **** *****. ********* ***** have ****** ***** ****'* ** *** ****** *** **** ** delay *** ** ***. *******, ********* ********* ** ************* ***** of ****'* ****** **********.

Comments (33)

Undisclosed Manufacturer #1

08/16/18 03:29pm

*** **** ** **** *** **....****** ** **** *******'* **********??

John Honovich

IPVM | In reply to Undisclosed Manufacturer #1 | 08/16/18 03:41pm

****, *** ********** **** ********* ** **** **** *** ** because **** **** **** *** ***** ** ** * *** months. **** *******, ***** ** *** ***** *** ***** *** tester, **** ***** **** ***** ********* ** ******* **** **** of ** ******** ***** **.

**** ***** ** ********** ** ********* ********* **** ******** *************** Rapid7, ***** *** ***** ***** ***** ************* ***** *****.

bashis mcw

In reply to Undisclosed Manufacturer #1 | 08/16/18 05:58pm

******** ****** **** *** ***, *** **** ** *** ******* happening **** *******/****** ** *******/**********.

******** * ********** ***** ** *********, * *** **** ****** as **** *******: ****'* *** ** ****** ** ****! (***, but ***** ****** **** ************ **** **** *****) ;-)

************, ***'* ****? =]

Undisclosed #2

08/16/18 04:04pm

***'* *** * ** **** ********* ** ****. ******* *** their ****** ***** ****** ************* * ********, ********* ****** *** too **** ****** ** **** **** ** ***** *******. ** is ****** ******** **** ***** *** ****** ** ******* ******** buried ** ***** ******* ******** *** ********, **** ******* ** be **********.

************ *** *** *******-**** ***** ***** ***** ** **** **** "myth" ** *** ******** ***** ******** *****.

*********, ****'* **** ****:

Related image

Undisclosed Integrator #5

In reply to Undisclosed #2 | 08/17/18 01:56pm

Undisclosed #2

In reply to Undisclosed Integrator #5 | 08/17/18 02:05pm

**** ******* ***** ** **** ** *** **** ********. ***** Hik-specific, ** ***** **** ** ******** ******* ** **** ***** last ****.

Undisclosed Integrator #5

In reply to Undisclosed #2 | 08/17/18 02:10pm

**** **** * **** **** *** ***** ************ *** ****** as ******.

Thumbnail newheadshot

Sean Nelson

Nelly Security | 08/16/18 04:32pm

********* *** ** ********* *** ********** **** *****. **** ** how *** ****** ****** **** ************. ** ******* *** *** handling ****** ********* *** *************.

** ****,** *** ******* ***** ********* *** *** **** ** Genetec ** *** ***** ***-******* *******. *** ** ****** ** rhetoric **** *****...

*** *** *********. **** *** **** ******* **** *** ******** all *** ******** ** *** *** ** *** *** *** your ******* ** *** ** ** **** ****** ********* *** make *** ******** ******* **** *******. *** *** ****** ** see **** *** **.* ****!!!. *** **** "*********" ****** ** completely ****** **** *** *** ******** *** *** * ****!

******** ** *** *** **** **********?

Undisclosed Distributor #3

In reply to Sean Nelson | 08/16/18 07:22pm

* **** *** * **** *** * *** ******* ** trolling.

Undisclosed End User #4

In reply to Sean Nelson | 08/17/18 07:18am

** *** "****" **** **** ******* * *** ******* **** favorite *****, *** ** ****** * ******:

*: ****** **** *********. ***** *** **** ** *** ** articles (*** ***'* ** * **** *** *** *** **** time):

**** **: * ** ***** ********* ***** ****, ** **** it **** *****

**** **** *: * ************* (***** ** *******), * ******* test (**** * ******** *******), * ******** ******* ***** *** (obviously ****** ** ****), * ******* ***** ******** **** **** attendance (********* ** *********)

**** **: ** ** ***** ********* (********* *** *****)

**** **** *: * ****** ********, * ******** ********, * is ***** * ******** / ******* ******, * ******** *** article (********* ****** ** ****)

** **** ** **** *****, **** ********* ** *** **** 5 ******* **** *** ***, ***** ** ** ******* ******** about **** *** ******** ***. ***** ****** **** *********/******* ** not ****? ***

*: ****** **** ***** ********, ** ** *** ***'* **** any ******** *********** ** **** ****, **** ******** *** ****** suspend ** ***** **** ********** **** **** ******** ************ ** in *******.

*** ******* **** ** ******, **** ** *** ****.

** ***** ** ** ********* ********* ******* ***** * *************, do *** ***** *****, ***** **** ****** ********. ** ***** you **** ********, *** * ********** ***** *** *** * serious ***. *** ****** ***** *** ****.

Thumbnail newheadshot

Sean Nelson

Nelly Security | In reply to Undisclosed End User #4 | 08/17/18 01:11pm

**** **: *

**** **: **

**** **** *: *

********. *** *** ******* **** ***** ******?

*** * ********** ***** *** *** * ******* ***

****** **** ** *********** *****?

Undisclosed End User #4

In reply to Sean Nelson | 08/17/18 01:20pm

*'* ****** ************ ***. *** ***** ***** **** *** *** worrying ***** ** ****** ******* ******** ***** **** ******* ********* :)

**** * **** ***.

Thumbnail newheadshot

Sean Nelson

Nelly Security | In reply to Undisclosed End User #4 | 08/17/18 01:30pm

**** * **** *** ***!

Undisclosed #2

In reply to Sean Nelson | 08/17/18 10:08am

*** ****** ** ** ***** ******* ** ******** **** *********, ma'am.

Thumbnail newheadshot

Sean Nelson

Nelly Security | In reply to Undisclosed #2 | 08/17/18 02:16pm

** **** *** ****** ******** ** ******* *** **** *** hides ****** *** ***** ** ***********. **** ******* ** **** that **** ** **** ****** *******.

Undisclosed #2

In reply to Sean Nelson | 08/17/18 02:19pm

**** ** ****** **** *****'* **********:

*) ************* **********

*) ***/*** *********** ** **** ** ****

*) ****** ****** ** **** **** *******

Undisclosed End User #4

In reply to Sean Nelson | 08/17/18 02:23pm

** **** *** ****** **** * **** ****, *** ******* to **** ** **** ******** **** *** ********* *******.

** *** ***** ****. *** *'* * *****, *** ********** my **** ******* ******* ** ***** **** *** *** ****** taking **** ***** ** ****** ******* ** ********* ** **** industry.

** *** **** ******** ***** ******?

**, * ***** **** **** ***. ***** *** **** *********? Or **** ***** ****** *** ********?

Thumbnail newheadshot

Sean Nelson

Nelly Security | In reply to Undisclosed End User #4 | 08/17/18 02:55pm

***, * **** ** **** *** *** **** * *** and ***** ** ** ****, *** ********* * *** ****** a **** *** ** **** ***** ***** ** ** ********* it?

***, **** ** *******, *** * ***** *** ****** **** disclosed, ********** **** *** *** * *****, ******* *** **** appear *** **** ********** **** **** ** *** **** ** here *** **** ******** ********* ****** ***** ***** ****** *** hide ****** *** *********** *****.

** *** ****, *** **** **** *** *** ******* *********** distressed *** **** ************ ** ******* *** *** *****. ** far ** ** *********, **** *** *** **** ****, *** feel **** ** *** ** *** ******** ********* *** * will ** ***** ** ****** ****.

Undisclosed Integrator #6

In reply to Sean Nelson | 08/17/18 10:01pm

* ***** **** ** *****, *** ****'* ******* *** ******** comment. **** ***** ********* ******!

Thumbnail newheadshot

Sean Nelson

Nelly Security | In reply to Undisclosed Integrator #6 | 08/17/18 07:41pm

* ********* *** *** ** ***** "***" *** **********.

***** *** ************ *** *** ********* ** ******? ***** **** been ** ****. *'** ** ***** ** **** * ******** non-troll ***********.

Thumbnail thumb 260x260 4

Jonathan de Chateau

In reply to Sean Nelson | 08/17/18 07:53pm

**** ***** ** * **** ****** **** ******* *** *********** button.

** *** **** ********* ** ***, *** **. **** ** share **** **** ***'* ** ******? **** ** ** *** team. **** *** **** **** * ****** ** ***** *** credibility *** ***** *** **** ** **'* ********.

******* *********** *** **** ***** ***** ** **, ** ******* a ***** **** *******'* ** *******.

** *** *********** *** **** #*, *** **** ******* **** and **'* ******* *** ****** ** *** ****** **********. ****'* not * **** *** *** ** **** ** ** ******.

Thumbnail profile pic

Ethan Ace

IPVM | In reply to Jonathan de Chateau | 08/17/18 08:30pm

***** ** *** **** *****, ** * **** **** ** multiple **** *******: ** *********** ** ****** ******* ***** *** ***** ** *********** *******. Further ********** ** **** ***** ** ***** ** *** *******. Undisclosed ******* ** *** ***** ******** ** ****.

** ****** ***** ***************** **** ****** ********* *************, ****, ** *********'* ********, **** free. **** ** ********** **** ******* **** *** *****.

Thumbnail profile

Michael Gonzalez

08/20/18 09:00pm

Frank Nelles

08/22/18 12:13am

****, ************* ** * ************ ******* ** * ******* ******** such ** **** ***** ** * ***** *** ***** ******** and ***** ******* ******** ******* ********* ************* *** ************* *************, as **** ** ***** ******* ********** ** ** ***** ** operating ** **** ***** ** ******* *****. ****** ******** ***** of ****, *** ******* **** ********** ********** (****) (**)****/***, ***** is * ********** ** ** *** ** **** ********** *** privacy *** *** *********** ** *** ******** *****. .*** ********* is * **** ******.

****, ***** *** ******** **** ******** *** **** *** ********** on *** **** ************* ***** ** ** ***** ** **.

***** *** *** *** ***** ************ **** ** ****** *** this ********.

***** ******

************** **********

Undisclosed Integrator #7

08/22/18 10:09am

** **** ***** * ***, ********* ********* *** ****** * fix ****** *** *********.

*** ***** **** *** ** *** **** ******* ** ***** using **** ***?

Undisclosed Manufacturer #8

In reply to Undisclosed Integrator #7 | 08/22/18 11:47am

*** ***** ** *******. *****, *** ** *** ******* ** near *** ******* ****** ************. ******* ** ** ***** *** a ****** ***** ** *** ******* *** ************ ***** ** headline ****.

****** ** *** ******. *** ** ********** ******* ***** ***** cyber ******** *******. ***, * **** *** ***** **** * vulnerability *** ****** ******, ******* ** * ******* *** **** of ****** ** ****** ***** ******** **** ****** **** *** and *** ******* *************** **********. ** *** **** *** *** to *** ***** *******, **** ** ********** ** ***** ***** need ** ** *******, ***. *** **** ** *** ***** own ****. ** * ******* *** **** *********, *** *** they ******* ***** **** *** *****? * ** ******* **** for ******** ******* *** * ******* ********* *** ******** ******** quickly, ***** ** * **** ******* *** ****.

****, (* **** **** **** *** **** ******** ******), *** Hik **** **** ********** *******. *** ***** ****** **** **** a ******* **** *** **** *******. *** ****** **** ** look ****.

*******, ** *** *****. **** **** ******** * ***** ** 8.9. *****, *** ** * ******* **** ** ** ******* on ***** ******** ****** **** *** **** ***** **** ******* vulnerabilities? (*** ***, * **** **** ***** ***** ********* **** are ******* ***** ***** **** *** *******, **** ** ****, Dahua, ***. * ***** **** ** ****).

John Honovich

IPVM | In reply to Undisclosed Manufacturer #8 | 08/22/18 11:50am

** * ******* *** **** *********, *** *** **** ******* these **** *** *****?

***** ** ****:********* ********,***+:

Undisclosed #9

In reply to John Honovich | 08/22/18 04:13pm

* ***'* ******* **% ** **** ********* ** *&* ** sustainable ** *** ********** ******.

John Honovich

IPVM | In reply to Undisclosed Manufacturer #9 | 08/22/18 04:19pm

********* **** *** ****** **** **** ***** ** "*&*" ** it ** **** ** **** ** **** *** *********** ** in *** **** *** **** ******* ********** ********* **.

Undisclosed End User #4

In reply to John Honovich | 08/23/18 07:18am

******* ******* *****. * *** * ******* ***** **** ******'* repair ******* **** ** ***** *** **, *** ******. ** they *** *********, ** ****** *** ****.

* ***'* ****** ******* ** *** **** ********* ** *&* colleagues **** ***** ******... ** **** ** ***** *********, ** you **** **** ****** ** *********, *** **** **** **** amount ** ************* ******?

Undisclosed Manufacturer #8

In reply to Undisclosed End User #4 | 08/23/18 11:34am

* **** ***** **** * *** *** ** ** **** reusing *** ****. *** ***** ***** ** **** *****, *** to ***************, ****** ** ***** ****** ****, ** ****** ** get **** **** ****-***, **** ***** ***** **** *** **** a *** ****** **** * *** ** *** * *** back ***.

** ****.

* **** ** ** * *** ** *********** *** ******* to ** ****, *** **** ** *** * ******* ***** a ***** ***** ** *********** *** *********...

John Honovich

IPVM | In reply to Undisclosed Integrator #7 | 08/22/18 03:12pm

*** ***** **** *** ** *** **** ******* ** ***** using **** ***?

* ******** ***** ** *** **** ********** *** *'** *********. ******* ******* *** *** ** *** business ** ******** ******* ***** *****, ** ** ** *** a ********** *** ** ***** * *************.

*** ****** **** **** ** **** **** ********* ** ** 90 ****. ********* ** * **** ***** *** ****** **** lots ** ****-*********, ******** ********** *******, ***** ***** *** ********** is **** **** **** **** ******* **** *** ****** ***** this ****.

John Honovich

IPVM | 10/09/18 08:02pm

******: ********* ** **** * ******** ********** ***** ******** ******** as **** ** ********* ** ******* **** ******* ****:

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Hikvision Silent on "Bad Architectural Practices" Cybersecurity Report on Nov 14, 2018
A 'significant vulnerability was found in Hikvision cameras' by VDOO, a startup cybersecurity specialist. Hikvision has fixed the specific...
French Government Threatens School with $1.7M Fine For “Excessive Video Surveillance” on Nov 14, 2018
The French government has notified a high-profile Paris coding academy that it risks a fine of up to 1.5 million euros (about $1.7m) if it...
Integrator Credit Card Alternative Divvy on Nov 13, 2018
Most security integrators are small businesses but large enough that they have various employees that need to be able to expense various charges as...
Directory of Video Intercoms on Nov 13, 2018
Video Intercoms, also known as Video Door-Phones or Video Entry Systems, have been growing in the past decade as more and more IP camera...
Beware Amazon Go Store Hype (Tested) on Nov 13, 2018
IPVM's trip to and testing of Amazon Go's San Francisco store shows a number of significant operational and economic issues that undermine the...
Magos Radar Company Profile on Nov 12, 2018
Magos America General Manager Yaron Zussman admits when he first came across Magos, he asked himself: "What's innovative about radar?" Be that as...
Genetec Privacy Protector Tested on Nov 12, 2018
Genetec has built Kiwi Security's Privacy Protector into Security Center, an analytic which anonymizes individuals in cameras' fields of view...
Chinese Government Increases Hikvision Ownership on Nov 12, 2018
The Chinese government - Hikvision's controlling shareholder - is increasing its ownership of the video surveillance giant amid sharp stock price...
Axis: "No One Wants To Buy A Camera" on Nov 09, 2018
Axis has, in its own description, made a bold declaration: The industry is changing so rapidly that the following statement might seem bold but...
Video Surveillance Hard Drive Size Statistics 2018 on Nov 08, 2018
What is the most common hard drive size for video surveillance? 150+ integrators answered: What size hard drive do you most commonly use? What...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact