First published: 22 Sep 2021
Last updated: 22 Sep 2021

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure
Government

Background / What has happened?

A vulnerability (CVE-2021-36260) has been identified in certain Hikvision products. Hikvision is a popular manufacturer of internet protocol cameras sold under the Hikvision brand.

This vulnerability could allow a cyber actor to take full control of the vulnerable device. The cyber actor could then access device functionality or target other devices on the same network in order to steal information or install malware.

To exploit this vulnerability, a cyber actor needs to access the web server exposed by the Hikvision device, either over the internet or over a local network such as a WiFi network. These products are commonly exposed to the internet to allow for remote monitoring or administration.

A listing of affected Hikvision products is available from the Hikvision security advisory.

It is possible that other device manufacturers utilise Hikvision hardware and firmware. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) recommends monitoring individual vendors for relevant security advisories.

Mitigation / How do I stay secure?

Australian owners of Hikvision products should consult the Hikvision security advisory and apply an appropriate firmware update if required.

As part of cyber security best practice, Australian owners should, if possible, prevent such devices from being accessed from anywhere on the internet.

Assistance / Where can I go for help?

The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD's ACSC via 1300 CYBER1.
