- These Sony headphones deliver premium sound and comfort - without the premium price
- The LG soundbar I prefer for my home theater slaps with immersive audio - and it's not the newest model
- Samsung's new flagship laptop rivals the MacBook Pro, and it's not just because of the display
- Email marketing is back and big social is panicking - everything you need to know
- Revisiting Docker Hub Policies: Prioritizing Developer Experience | Docker
Cybersecurity Vulnerability Could Affect Millions of Hikvision Cameras
On Sunday, video surveillance giant Hikvision posted a security advisory on its website warning customers of a cyber vulnerability that could impact millions of cameras and NVRs deployed globally.
The “command injection vulnerability” could allow threat actors to have complete control of compromised devices and was discovered by cybersecurity researcher Watchful IP in June and first reported on Monday by IPVM.
According to the security advisory, the vulnerability received a base score of 9.8 out of 10 per the Common Vulnerability Scoring System (CVSS), which Watchful IP called “the highest level of critical vulnerability.”
Although the video surveillance giant has not disclosed how many products are likely impacted, posting only product names and firmware versions, IPVM estimates that more than 100 million devices could be affected.
In a letter to its partners, Hikvision informed integrators to download an updated version of firmware on its website to remediate the vulnerability.
It also said: “We recognize that many of our partners may have installed Hikvision equipment that is affected by this vulnerability, and we strongly encourage you to work with your customers to ensure proper cyber hygiene and install the updated firmware.”
Hikvision also said that it worked with Watchful IP to patch the vulnerability. Additionally, the company has patched all vulnerabilities reported to the company in its latest firmware version.
“Hikvision is a CVE Numbering Authority (CNA) and has committed to continuing to work with third-party white-hat hackers and security researchers, to find, patch, disclose and release updates to products in a timely manner that is commensurate with our CVE CNA partner companies’ vulnerability management teams,” the letter adds.
“Hikvision strictly complies with the applicable laws and regulations in all countries and regions where we operate and our efforts to ensure the security of our products go beyond what is mandated.”
