Over 80,000 Hikvision cameras were affected by a critical command injection vulnerability tracked as CVE-2021-36260.
Over 80,000 Hikvision cameras were affected by a critical command injection vulnerability tracked as CVE-2021-36260.
The Chinese state-owned manufacturer provides video surveillance equipment for civilian and military purposes.
The flaw was tracked as CVE-2021-36260 and was addressed via a firmware update in September 2021.
“Specifically in the Russian forums, we have observed leaked credentials of Hikvision camera products available for sale,” the researchers said.
Hackers can leverage these to gain access to the devices and exploit further the path of attack to target an organization’s environment.
CYFIRMA reported that over 80,000 Hikvision cameras are still vulnerable to the critical command injection flaw, which carries a CVSS score of 9.8 out of 10.
More than 80,000 vulnerable cameras, more than 100 nations and 2,300 organizations are impacted.
Nearly 12,700 vulnerable camera products are located in China, followed by 10,611 in the U.S. and more than 7,300 in Vietnam.
Thailand, France, U.K., the Netherlands, South Africa, Ukraine and Romania also topped the list of the countries with the most vulnerable Hikvision cameras.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?