Hikvision Cybersecurity Vulnerabilities Reported By Lithuania Government

By Ethan Ace, Published Feb 15, 2021, 08:26am EST

Nearly 100 vulnerabilities were found in Hikvision firmware by a new report from Lithuania's government. Hikvision refused to provide any response, despite being given 2 weeks time to respond.

IPVM Image

Inside this report:

A summary of the vulnerabilities
The vulnerabilities explained
Comment from Lithuania's Ministry of Defence
Continued cybersecurity issues
Comparison to Axis firmware vulnerabilities

IPVM Image

Nearly *** ***************

*** ********* ******** ** *********'* National ***** ******** ******, part ** *** ******** of ******** *******. ****** firmware *** ********** *** software ******** ******* *** known ****.

*** ****** ********** ***** findings **** **** *******, finding ****** *** *************** in ******** ******** **** in********* **-*********-********** (**.*.* ***** ******):

****** ******** ******** ********** 95 ******** *************** **** found ********* ** *** Hikvision **-*********-** ******. ****** two *************** *** * threat ***** ******* **** 6.5 (*** ** **).

************, **** ***** **** newer ******** **************************** **** ***** ******** (95 **. **) ***** they********** ****** ** ** earlier ******.

Critical ***************

*** ******* **** *** most *************** *** *** most ******** *** ******* ******* ** ******* (1.0.1j), ***** ******** ** vulnerabilities, ***** ** ***** have *** ******* ******** score, **/**. ******, ********* BusyBox, *******, *** ****** also **** ****** ***************, scored ** *+.

*** **** ****** ******** the ********* ************* ** these ***************:

*** ********** *************** ***** allow ******* ** ******* cyber-attacks, ******** ********* ****** information *** ******* ********* code. ** ********, *** camera *** ***** ** be *********** ******** ** ******* (***)*******.

Out ** **** ******** ********

*******, *** ** ***** packages *** ******** *** of ****, **** **** dating ** **** ** earlier, ********* **** *** and *******, *** ******** with *** **** ****** vulnerabilities. ***** ******** ** these ******** ***** ******* few ** ** ***** vulnerabilities *** *********, *** Hikvision *** *** *********** them.

Vulnerabilities *** ********* ****** *******

*** **** *** *** exploit *** ** ***** vulnerabilities ****** *******. ***** is ** ***** ** concept ** *** ***** vulnerabilities *** ** *********. Instead, **** ******* *** that *** *** ** the ***** *** ** assess **** *************** ******* and *** ******** **** were ***** ** *** common ************* ******* ******. It ** ******** **** any ** ***** *************** would ** ********* ** inexperienced *****, *** ** their **********, *** **** could ** ******** ****** for **** ******* *******.

Report ***********

****** *** **** ****** performed ******** ******** ** firmware *** *** ******* tested, ******** *** **** on ***** ******* ***** and ** ***** *******. The **** ********* ***** analysis **** ** ******** from *** ******** ******.

****, **** **** ***** versions ** ******** *** now ********* (****** ******* was *.*.* ***** ****** at *** **** ** writing). *************** *** **** in **** *** *** newer ******** ** **** are ********.

Dahua ******** ******** *** ********

***** ** ********* ** this *** ****** *** an ******* *** **** report, *** *** **** did *** ******* ******** vulnerability ******** ** **** did **** *********. *******, Dahua ******* ******* ** "***** ****" *******,**** *****, *** *** ******* versions. **** *** *** find *** ******** "****** cyber ******** ***************" ** these *****, *** ***** that *** ****** ****** up ******** *** ************ sent ******* ** ******* in * ********* *********, including *****.

Axis ********: ** ***** ***************

** ******** ** *********, NCSC **** ******* **** firmware *** *************** ** current ********. **** ***** that ***** ******* ******** (7.3.0 ** ***** *****) had ** ***** ***************, dating **** ** ****, the ****** ******* ** firmware ** *** **** of ***** ******** *** no ***** *************** (*.*.*).

No ******** **** *********

********* ************ ******* ** our ******* *** ******* on *** ***** *** vulnerabilities *** *** *** respond **** *** *********.

******, * *** ***** IPVM ********* ********* *********:

********* ***** ************* **** seriously *** ** ****** open ** ************* ******** on *** ********. ********* is ***** ** *** NKSC ****** *** ** currently ********** ************* *** findings ** *** ******. The ****** ********* *****-***** software ***************. *******, **** only ********* ****** ******** and *** ****** **** not ******** ** *** of ***** *************** *** exploitable *** **** ********* product.

Bad *** *********

***** *********'***** **** ***** ******, ***************** ***************,***** ***************,*** *********, **** ****** ** likely ** ***** ******** about *********'* *************. *******, while **** **** ********* vulnerabilities **** ********* ** private ***********, **** ******'* publication ** * ********** agency ** ****** ** carry **** **** ******.

Comments (33)

Ross Vander Klok

IPVMU Certified | 02/15/21 09:27am

** ******* ** *********, but*********? ** ***** *********** do **** **** ** testing?

John Honovich

IPVM | In reply to Ross Vander Klok | 02/15/21 04:29pm

** ***** *********** ******* the *******? **** ** Lithuania ** *** ********** that ***** ** *********** such ****** *** ****** inform *** ******.

Ross Vander Klok

IPVMU Certified | In reply to John Honovich | 02/15/21 04:12pm

********** **** ** ********* for ********* *** *******. That ****'* **** * was ******* **. *** just *********? ** ***** governments *** ***** ******* like **** (* ********* hope **** ***) *** not ******* *** *******? What ** *** ******** to ******* ** ***? Especially ** **** *** already ***** ******** ** issues?

Ben Patience

In reply to Ross Vander Klok | 02/16/21 11:38am

***** *** ******...

** **** **** ***************... but ** ****'* ******* you **** ** ****...*** we ****'* ******* ****** what ** *** ***** to **** *****...

**** ****** ** **** everything...

Ross Vander Klok

IPVMU Certified | In reply to Ben Patience | 02/16/21 03:56pm

**** ****! * ****** have ******* ** **** too *********** * **** read**** *********

**** ****** ****, *** on ********: *** **** Hack: *** ***** ********* a *.*. **** ********

Undisclosed Integrator #5

In reply to Ross Vander Klok | 02/16/21 08:06pm

** **** ***** ***** be **** ****’* ** this **** ** ******* before ******. *** **** government ******’* *** ******* cameras **** *** *************** if **** **** ***** it.

**** * *** ** governments ***’* **** ***** Chinese ****** ** *** tendering ******* **…

***** **** **** ******* them ***** *** ******* “Hell **!”

bashis mcw

In reply to Undisclosed Integrator #5 | 02/16/21 08:33pm

***** ******* *** ****** and ****** *** ***'*, it's **** ******* *** in ************* ***, ** to *****, **** **** of ******** **** ******* for ******** ** ****** libraries / **** ** their *****. (*** ********* no **** ** ***, it's *** ******)

*** **********'* ***** ** exactly **** **** **** Dahua, *** **** **** most ******* ** **** industry ********.

*** ******* (***, *****, etc..) *******, * *****, are **** **** ******* all ****** **** *** big ****, *** ***'* be ** **** **** to ****** ** ****** versions */* ******** ******.

*** ***** ********, ***** recently **** **** ****** injections, ***** *'** ****** them ******* ** ******* 'interesting' ***** ** ****.

*** '****' ****** ***** simply *** *** **** stuff (*'* *** **** ,).

Undisclosed Integrator #7

In reply to Undisclosed Integrator #5 | 02/18/21 04:38pm

** **** **** ** chuckle **** ** *** tenders **** *** ‘** Chinese **** *******’. ************ (more ***** ***** ****) we *** ‘** *******, hardware ** ******** **** USA *************’

*** *** ***** **** received *** **** **** banned!

**** *** ‘** *****’ presumably **** ** *** to *** ******** ******** hard ***** **** ***** and *************** **** ***** in ***** **** ******!

bashis mcw

In reply to Undisclosed Integrator #7 | 02/19/21 12:21am

***, **** *** *** has *** ****** *****, still **** ** ******* outside ** .** *** OEM **** (********* *****).

** ** **** ********* (please ******* ** ** I ** *****, *** be ****** ***), *** only ****** * **** is ****, *** ** not *** ******* (.**/.**/***.) IPC's.

***** ** **** ***** for ** ***** '**********' the *********, ***** ***** is **** *********** *** in ********* *** **********, as **** ******* ******* compile *** **** *** big ****, ***** **** do *** (******** **** comparable ** **** ***** environment)

**, * ** *** paid *** ******* ** Axis, *** ****** ** promote ***** ********, *** I ****** **** **** I ** ******** * bit ********* ***** *** structure ** **** ********, and **** *** ******** measures **** **** *********** since ** **** ********** of *** ****** ****** back ** ****.

** *.**$

John Honovich

IPVM | In reply to bashis mcw | 02/19/21 12:43am

*** **** ****** * know ** ****, *** do *** *** ******* (.cn/.tw/etc.) ***'*.

****, ********, *********** ********* ***** ** Factory *** ********, *****, IV *** ****

*** *** *** *** as **** ******** ******* in *** **** ***** they *** ********* *** sold ** *** ********. If *** **** **** access ** ***, **** let ** **** :)

bashis mcw

In reply to John Honovich | 02/19/21 09:15am

***********, *** :)

Undisclosed Integrator #8

In reply to bashis mcw | 02/19/21 02:26am

**** * ******** *** you

** ** ******** ** completely **** *** *** NVR **

*** ******* *****

**** ******

******

Saulius Martinenas

IPVMU Certified | In reply to Ross Vander Klok | 02/18/21 07:53am

** *** ** ********* because *** ******* ** small, *** ****** ** seems **** ********* ** intent ** ******** ** EU *** ****, ***** may **** ***** **** attention. **** *** ***** IPVM ********:**** ****** ******

****, **** ** *********'* state ************ *** **** known *** ***** ******* hardware *** ******* ********, while *** ******* ** positioning ****** ** * fintech, ****** *** ******* hub. ** ***** *** have **** **** ******** to *** *** ******** in ***** ****** ********* serious ***. ***** **********, I'm ***** ** ***** investigations *** ********* *** published, ** ********** *** market **** *** *** benefits.

Undisclosed Manufacturer #1

In reply to Ross Vander Klok | 02/15/21 02:57pm

********** *** *** **** investigations ******** * **** ago *** *** *** disclose *** *******. ** least * *** ***** of ***** ******** *** the ****** ****** ** under ***.

bashis mcw

In reply to Undisclosed Manufacturer #1 | 02/16/21 10:49pm

****** *****, ***** *** seems *** ** ** on *** =)

Undisclosed Manufacturer #1

In reply to bashis mcw | 02/19/21 05:05pm

*** ** * **** it *********** **** ** extra ******* ****?

*** *** *** ****** out *** *+* **** from *** ******** ********* from ***** *****-****** (********* ******** *********): *****************, ********* *** Forsvarets ********************* (***) *** Forsvarsbygg (***** *** ********* *** organizations) **** ******** ***** systems, *** **** ****** that **** **** *** registered ******** **** *********. No ********** **** **** established **** *********.

Andrew Myers

In reply to Ross Vander Klok | 02/15/21 03:05pm

****, **** ***'* ************ advanced ******* (** ******* to *********). ** **** did **** * ***** they ***, ** ******** took ****** ** ***** the ****** **** ** discover *** **** ** CVEs. ***** *** **** tools **** ******* **** anybody ***** *** ** come ** **** *** same *******. ******'* ** surprising ** **** ********** IT *********** **** ***** the **** ****** *****.

*** *************** **** *** NSA ***** ** ********** in *** *** **** that ****'* ******* ****** in * *** ******** somewhere.

Undisclosed End User #2

In reply to Ross Vander Klok | 02/15/21 02:37pm

*** **** ******** **** a ******* **** ** from ****** ****** **** are **** ** ** nefarious ** ******** ** the ****** ********.

***** *** *********** ***'* equal ****** ***** ********, there ** *** **** to ** **** * crisp ***** *** **** margins.

** *** ***** ****** what *** *** **** name **?

Undisclosed Integrator #4

In reply to Undisclosed End User #2 | 02/16/21 01:47am

** ******* ** ********* about ********, ****** **** the ***** ** ******** test ** ***'* ******** the ********. ** *** what ** ***....

Undisclosed Integrator #4

In reply to Ross Vander Klok | 02/16/21 01:43am

**** *** "******"; *** be ********** ************* *** to.

Charles Rollet

In reply to Ross Vander Klok | 02/22/21 05:05am

**** ** *** ******** related, *** *** ******************** ***** ****** *** China** *** *** ******* threats,****** “*** ********* *** of ******* ***** ************ in ********** **********" ** particular.

Christopher Freeman

02/15/21 03:04pm

*** ****** ** ****** what , *** **** up ** *** ***** threat , **** ** at ***** ****

**** *** *** **** guard **** ** **** you ****

****** ** ***** *** always ***** ** **** the ******** ** *********

**** **** ****

Andrew Myers

In reply to Christopher Freeman | 02/15/21 03:12pm

**** *** *** **** guard **** ** **** you ****

** *******. *** *** world ** * ****** storm ** ***************. *** can ***** *** ******* on * **** **** a ********, *** **** about *** *** ****? For *******, ******** *** fully *********** *********, *** almost ****** ***** ***** firmware *******, *** ******** have **** ****** ** the ******* (******* ****** need ** *****).... ** now ******** *** *** of *** ****** **** for ******* ** *** in. **** *** *** your ***** ****...

Undisclosed Manufacturer #3

In reply to Andrew Myers | 02/15/21 11:33pm

** *** **** ***** alot **** ******** ***** printers, ********, *** ******* about *****. ***** ***** videos **** ** ** YouTube **** *** ****. Very ***** *** ***** attention ** *** *****.

**** ***** ******** **** been **** **** ****** to ******* ***** **** using ***** ****** ****** so **** **** * point...

** ********* ******** **** global ******** ******** ********* Slater

Ben Patience

02/15/21 10:18pm

**** ***.* ** *** 2019 ** ***** ******* appear ** ** ***** out ** ****

***** ** *********** ** know **** ******** ***** are ***** **** **** to ******** ***** *** compare.

**** ** **** **** when ********** ***** ** axis *******, **** ************* modules ** **** **** as * *** ****** vulns . **** ******* doesn’t ********* **** ** elements ** *** ******* aren’t **** ******** ** the **** ******* ** aren’t ‘****’ ***************

Undisclosed Integrator #4

02/16/21 03:57am

**** *** **** ***** with ***** *********, ** hand; * ***** ** all *** **** ** my ************ ***** ***** towards ****. $*** *** person(minimum) ** **,***+ ******* (~$3millon ********). ***** **** already ** **** ** that **** ** *******?

Undisclosed Integrator #4

In reply to Undisclosed Integrator #4 | 02/22/21 06:19am

********........

John Honovich

IPVM | 02/16/21 01:44pm

******: ********* ********:

********* ***** ************* **** seriously *** ** ****** open ** ************* ******** on *** ********. ********* is ***** ** *** NKSC ****** *** ** currently ********** ************* *** findings ** *** ******. The ****** ********* *****-***** software ***************. *******, **** only ********* ****** ******** and *** ****** **** not ******** ** *** of ***** *************** *** exploitable *** **** ********* product.

Andrew Myers

In reply to John Honovich | 02/16/21 03:21pm

"** **** ************* **** seriously" ****** ***** ** shudder... ** ************ *** ***** ********.

**** **** ********* ****** analysis *** *** ****** does *** ******** ** any ** ***** *************** are ***********

**** ** * ***** point. * ***** **** preferred ** ** ****** exploitation *** **** *********. The ***** **** ************* scanners (***** * ****** is **** **** ****) is **** *** *** a **** ****** ** false *********. *** ****** need ** **** *** libraries *** ***** ****.

**** **** ** **** to ****** **** **** was ******. ************* ******** isn't ***** ****. *** check *** ******* ** all *** *********, **** that **** * *** database, *** * **** of *******, *** ***'** done. *** **** *****'* mean **** *** *** exploitable. ******* ******* ** they're ***********, *** ****** isn't ************ ******.

*** ** ******* ********* ******* ** ******** Stack ********:

*** ****** ***** **** a ************* ****** **** a ******* ** * company. **% ** *** time ***** *** ******* by **********, *** *** likely ** ** ******* by *** ********* ******** team. *** ****** ** because ******** *** **** any ****** ** ***** positives, ** * ******** from * ************* ******* does *** ******** **** there ** * *************. However, ** ** ****** for *** *** ****** testers ** ****** **** vulnerability ******* **** ******** off ** ********* ******* any ************* ** **** the ****** ****, ** it ** *******, ** if ** ** **** applicable. ** * ****** security ***** **** ***** just ****** * ****** that **** ******** *** of * *******. **** bug ****** ******** ************ state ****.

**** ********* **** *** an*********** ******* ** **** post:

*'* *** ** *** security **** ******* *** receives ****** ******* **** this. * ***** **** 90% ** *** **** it's * ***** ******** sent ** ** ******* sec ********** *** *** no **** **** *** finding *****. **** ****, 10% ** *** ****, it's * **** ** don't *** *** **'* useful. ****, ***% ** the **** ** ***** us ***** *** ** impact ** ****** ******** our ****. ** ** sometimes **** "***********" **** changes ****** *** ** reasons ** **** *** customers *** **** ******* when **** *** * scan.

*** *** **** ******** to *********? *****. *** they **** ** ** tested ** ** ****.

***, *** *** **** about *** ********* *** dinged ** *** **** while **** ****'* **** any *******. ** ** probably ****** ** **** libraries *******. **** **** mean **** **** **** always ** **** ******? It's * **** ****, but **** ** ****** does *** **** ** more ******. **'* **** a ******, **** *** warnings * *** **** my ******** *******. * know **** *** *** the ********* *** ****, so *'* *** ******** that ******** * *** computer * **** *** same ******** ******* **'* actually ********* ** *** same ****** *******. ****'* a ***** ********. *** at *** **** ****, it ***** **** *'* not ******* ** ******** manager **** *********. ********, since **** ** ****** attention ** **** ****** and ********* ***'*, * can *** **** **** is ******** **** ******** with ******* ** ***** security.

bashis mcw

02/16/21 04:03pm

***** ** ** ****** than ***, *** ********* noted ***** "***** ****" is **** ****** ***** P2P *****, **** *** "keep *****" (****** ** turned ***).

Undisclosed #6

IPVMU Certified | 02/16/21 10:19pm

**** ** *********, ****** acronyms ****** *** ** translated ********** ** *** one ****** *****.

******.****

Horace Lasell

02/17/21 02:05am

***** ***, * ****'* seen *********** ** ***** vulnerabilities *********. **** ********* me ** *** ** my ****** ** ***** all ******** ****** ** similar ******* ** ** network **** *** ******** only *** ******** ***.

****** *****!

Undisclosed Manufacturer #1

02/19/21 05:02pm

*** ****** ******* ****** Chinese *******, *** *** result ** **** ******.

*.*. *** ****** ** in ********* *** ***** a *******. *** ****** explains ****'* ****** *******.

***** ******* ******* ********* kameraer, *** ********** **** holdt ******** - ****.**

Read this IPVM report for free.

This article is part of IPVM's 6,805 reports, 913 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Hikvision Cybersecurity Vulnerabilities Reported By Lithuania Government

Comments (33)

Ross Vander Klok

John Honovich

Ross Vander Klok

Ben Patience

Ross Vander Klok

Undisclosed Integrator #5

bashis mcw

Undisclosed Integrator #7

bashis mcw

John Honovich

bashis mcw

Undisclosed Integrator #8

Saulius Martinenas

Undisclosed Manufacturer #1

bashis mcw

Undisclosed Manufacturer #1

Andrew Myers

Undisclosed End User #2

Undisclosed Integrator #4

Undisclosed Integrator #4

Charles Rollet

Christopher Freeman

Andrew Myers

Undisclosed Manufacturer #3

Ben Patience

Undisclosed Integrator #4

Undisclosed Integrator #4

John Honovich

Andrew Myers

bashis mcw

Undisclosed #6

Horace Lasell

Undisclosed Manufacturer #1

Read this IPVM report for free.

Member Login

Loading Related Reports