Hikvision 3 NVR Vulnerabilities April 2024 Analyzed
This report requires an IPVM Research Service subscription. Learn more.
By bashis mcw - 5 days ago
Vulnerability (82)
Displaying 'Vulnerability' tags 1 - 25 of 82 in total
Mercury Red Board 2022 10.0 Vulnerability Examined
HID's Mercury is abruptly EOLing their red boards, with a partner citing "reducing latency and vulnerabilities," but how have red boards been...
By Mert Karakaya and bashis mcw - 12 days ago
Axis 4 VAPIX API Vulnerabilities February/March 2024 Analyzed
This report requires an IPVM Research Service subscription. Learn more.
By bashis mcw - 18 days ago
Dormakaba Stops Selling / Supporting Cracked Mifare Classic Credentials
While MIFARE Classic credentials have been cracked for many, many years, and new devices simplify exploiting such vulnerabilities, Dormakaba has...
By IPVM Team - about 1 month ago
Russian Military Used Hacked Cameras in Missile Strike on Capital, Alleges Ukraine
Russia hacked video surveillance cameras as part of a massive air attack on Kyiv, according to Ukrainian security services. Several countries...
By Conor Healy - about 1 month ago
Dormakaba "Unsaflok" / MIFARE Classic Vulnerability Examined
How does the Dormakaba "Unsaflok" vulnerability work? In our first report - Dormakaba Discloses Critical Vulnerability, To Rip And Replace Access...
By bashis mcw - about 1 month ago
Dormakaba Discloses Critical Vulnerability, To Rip And Replace Access For 300,000 Doors
Cracked access control credentials are a rising concern as technologies developed decades ago are still widely sold and used and are increasingly...
By Mert Karakaya, bashis mcw, and Jermaine Wilson - about 1 month ago
Bosch 47 VMS / Recorder Vulnerabilities March 2024 Analyzed
This report requires an IPVM Research Service subscription. Learn more.
By bashis mcw - about 1 month ago
Exclusive: Senator Rubio Calls for FCC Investigation of Vulnerable "Amazon's Choice" PRC China Doorbell Cameras
Senator Marco Rubio (R-FL) is calling on the FCC to investigate PRC-made doorbell cameras after researchers identified serious security flaws,...
By Conor Healy - about 2 months ago
Evolv Supports Missing Guns To Reduce False Alarms
While Evolv marketed "weapons-free zones" with "touchless," "frictionless" screening, claiming unprecedented convenience and security that,...
By Nikita Ermolaev, Conor Healy, and John Honovich - about 2 months ago
How Flipper Zero Can And Cannot Hack or Harm Cars
While social media posters have exaggerated how harmful Flipper Zero is to cars, some cars are at risk of being stolen, and most cars can still be...
By Mert Karakaya - 2 months ago
HID Discloses High Severity Vulnerabilities On Configuration Cards
Following the "Major, Mandatory Upgrade," HID now released two high-severity CVEs on malicious configuration cards, and unauthorized encoders. But...
By Mert Karakaya - 3 months ago
HID Confirms iClass SE Is Not Cracked
HID's "major, mandatory upgrade" added iClass SE to its list of "legacy credentials [that] can expose a security risk," prompting IPVM and PACS...
By Mert Karakaya - 3 months ago
IPVM Drives HID Security Improvements
Following a series of IPVM reports explaining HID's long-standing unfixed vulnerabilities (see 1, 2, 3), HID has pushed a "major, mandatory...
By John Honovich - 3 months ago
Evolv CEO: "Thank Goodness Nothing Tragic Has Happened Yet But It's Probably Just A Matter Of Time"
Despite currently being sued by a student stabbed by a weapon not detected by Evolv, Evolv told investors "nothing tragic has happened yet" and...
By Nikita Ermolaev - 3 months ago
HID Pushes "Major, Mandatory Upgrade" For "Legacy Downgrade Attacks"
IPVM has advocated HID deal with downgrade attacks it has known and allowed. Now, in what HID is describing as a "major, mandatory upgrade," HID...
By Mert Karakaya - 3 months ago
Dormakaba Saflok Key Derivation Function (KDF) Algorithm Cracked
The secret Key Derivation Function (KDF) algorithm in the Saflok RFID system from Dormakaba is cracked, allowing an attacker to calculate the...
By bashis mcw - 3 months ago
Bosch 3 Vulnerabilities December 2023 Analyzed
This report requires an IPVM Research Service subscription. Learn more.
By bashis mcw - 3 months ago
HID Touts "Signo = Securityā€¯ Despite Critical Vulnerabilities
While HID markets "Signo = Security" and that "security comes first," HID obscures and features critical unfixed vulnerabilities both for low...
By William Howard-Waddingham - 4 months ago
Axis 4 Vulnerabilities November 2023 Analyzed
This report requires an IPVM Research Service subscription. Learn more.
By bashis mcw - 4 months ago
How HID High-Frequency Only Readers Are Vulnerable To Downgrade Attacks
The main objection to IPVM's downgrade attack report was that it impacted only 125 kHz credentials. A similar vulnerability exists for...
By Mert Karakaya - 4 months ago
Network Optix Nx Witness Cloud, High-Security Vulnerability 2023
This report requires an IPVM Research Service subscription. Learn more.
By bashis mcw - 5 months ago
Hikvision IP Camera And Recorder New High Severity Hik-Connect Vulnerability Analyzed
This report requires an IPVM Research Service subscription. Learn more.
By bashis mcw - 5 months ago
How the Seader App Works With HID SAMs and Flipper Zero
While Flipper Zero (see test) has become a viral sensation, it does not work out of the box with HID's widely used SE / Seos "highly secure"...
By Mert Karakaya - 5 months ago
Hikvision High Severity Vulnerability November 2023 Analyzed
This report requires an IPVM Research Service subscription. Learn more.
By bashis mcw - 5 months ago
