4.07.2022

HIKVISION CAMERAS ARE VULNERABLE

The Computer Incident Response Service of JSC “State Technical Service” (hereinafter KZ-CERT), while monitoring the Kazakh segment of the Internet for information security threats, found more than 100 Hikvision IP cameras potentially vulnerable to CVE-2017-7921, CVE-2017-7923 and CVE-2021-36260.

Vulnerabilities CVE-2017-7921 and CVE-2017-7923 in Hikvision cameras allow an attacker to impersonate any configured user account without authentication. These vulnerabilities have been present in Hikvision products since 2014. What makes them particularly dangerous is that, in addition to granting full administrative access, they can be used to recover the passwords of all configured users in plaintext.

The vulnerability identified by information security experts last year, CVE-2021-36260, allows an attacker to gain full control of a device with unrestricted capabilities, which is far more access than even the device owner has: the owner is only given a “protected shell” that filters input against a predefined set of mostly informational commands. Beyond completely compromising the camera itself, an attacker can use it to reach internal networks and carry out a range of malicious actions. This is an unauthenticated remote code execution (RCE) vulnerability of the highest criticality level, affecting a large number of Hikvision cameras.

Given that these cameras are deployed at important sites, potentially even critical infrastructure is at risk. Firmware released as far back as 2016 was tested and found to be vulnerable.

KZ-CERT experts strongly recommend that device owners apply the necessary updates to avoid leaks of personal data of citizens of the Republic of Kazakhstan, as well as other information security incidents that could negatively affect the lives of Kazakhstanis.

KZ-CERT has also notified telecom operators, asking them to help inform the owners of the affected IP addresses and recommend that they apply the necessary updates.

Note that Hikvision has published official security advisories, including updates that fix these vulnerabilities (for details, see the recommendations, which link to the official source).

If you encounter an information security incident, please inform our specialists via the toll-free number 1400 (24/7) or send a request to the Telegram chat: https://t.me/kzcert.

*Recommendations for updating Hikvision devices are published on the official KZ-CERT Internet resource CERT.GOV.KZ: https://www.cert.gov.kz/news/13/2120