Dear readers of Tecnogalaxy, today we will talk about the security of cameras connected to the internet.

Nowadays thousands of cameras all over the world are connected to the internet, for work, security, monitoring, etc.

Have you ever wondered what might happen if a camera is outdated or still has the default password?

A vulnerability discovered about a year ago (and since patched by the manufacturer) is still present on many devices internationally.

The vulnerability was rated critical, with a severity of 9.8 out of 10. It is a command injection flaw in the web server of some products of Hangzhou Hikvision Digital Technology Co., Ltd., often abbreviated as Hikvision.

Hikvision is a Chinese state-owned manufacturer providing video surveillance equipment and IoT sensors for the civilian and military market.

The bug, identified as CVE-2021-36260, allows an attacker to send (obviously malicious) commands to the device via messages, because the input is insufficiently validated.

When the attacker can reach the camera's TCP port 80 or 443 via HTTP, they can exploit the bug to perform actions such as enrolling the camera in a botnet, attacking other networks, or spying on the owners.

The update for the more than 70 affected Hikvision device models is available on the manufacturer's website. However, researchers at CYFIRMA have found that thousands of devices in circulation are still vulnerable and could be attacked by cyber criminals.

These cameras are most widespread in the following countries: China, the United States, Vietnam, France, the Netherlands, Romania, the United Kingdom, Ukraine, Thailand and South Africa. In total, more than one hundred nations are impacted.

Credentials for Hikvision cameras are also on sale in some Russian forums, where cyber criminals can obtain them to gain access to devices.

Obviously the advice for people who have this type of camera is to update it as soon as possible to avoid unpleasant surprises.
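Since the attack depends on reaching the camera's web interface on TCP 80 or 443, a useful check alongside updating is to audit your own router for port forwards that expose it. The script below is an added example, not part of the original article: it parses NAT rules in `iptables-save` format, and the sample rules, the camera subnet `192.168.1.64/28` and the function name are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: iptables-save output from a hypothetical edge router.
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.64:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.65:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 554 -j DNAT --to-destination 192.168.1.64:554
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.10:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.66
COMMIT
"""

# Assumption: the cameras live in this subnet (hypothetical addressing plan).
CAMERA_NET = ipaddress.ip_network("192.168.1.64/28")
WEB_PORTS = {80, 443}  # the ports named in the article

DNAT_RE = re.compile(
    r"--dport (?P<dport>\d+)\b.*-j DNAT --to-destination "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+)(?::(?P<port>\d+))?"
)


def exposed_camera_web_ports(rules_text, camera_net=CAMERA_NET):
    """Return (external_port, camera_ip, camera_port) for every DNAT rule
    that forwards traffic to a camera's web interface (TCP 80/443)."""
    findings = []
    for line in rules_text.splitlines():
        if not line.startswith("-A PREROUTING") or "-p tcp" not in line:
            continue
        m = DNAT_RE.search(line)
        if not m:
            continue
        ext_port = int(m.group("dport"))
        ip = ipaddress.ip_address(m.group("ip"))
        # Without an explicit port, DNAT keeps the original destination port.
        int_port = int(m.group("port")) if m.group("port") else ext_port
        if ip in camera_net and int_port in WEB_PORTS:
            findings.append((ext_port, str(ip), int_port))
    return findings


if __name__ == "__main__":
    for ext, ip, port in exposed_camera_web_ports(SAMPLE_RULES):
        print(f"WAN port {ext} -> camera {ip}:{port} (web interface exposed)")
```

Any rule it reports is a forward worth removing or placing behind a VPN, whether or not the camera has already been updated.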

As always, make good use of this information: run tests only on your own devices and computers, because running them on devices or computers that are not yours is illegal.

See you in the next article.
