Cybercriminals in Russian forums are selling logon credentials to Hikvision-brand security cameras, tens of thousands of which remain vulnerable to a well-known exploit, warns a threat intelligence firm.
A study by Cyfirma reveals that more than 80,000 Hikvision cameras used across the globe contain a critical flaw first identified more than a year ago.
Chinese manufacturer Hangzhou Hikvision Digital Technology Co. issued a patch for the vulnerability last September. Tracked as CVE-2021-36260, this command injection vulnerability allows attackers to execute arbitrary system commands on the victim’s host operating system. Attackers could exploit the vulnerability to add the cameras to a botnet or as a launching point for lateral movement deeper into the camera operator’s network.
Hikvision is controlled by the Chinese government and is on a number of U.S. federal government blacklists. The Federal Communications Commission in March 2021 classified the company as a risk to national security.
