Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: More Trouble For Hikvision DVRs - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
More Trouble For Hikvision DVRs

The "Internet of Things" is turning against us once more. Rapid 7 is reporting how Hikvision DVRs are vulnerable to at least 3 different remote code execution vulnerabilities. Metasploit modules are available to take advantage of them, a patch is not available.

All three vulnerabilities were found in the code dealing with RTSP requests. The vulnerabilities are simple buffer overflows.

Hikvision DVRs were already in the news earlier this year, when we found many of them being exploited by "The Moon" worm, bitcoin miners, and code scanning for Synology disk stations. Back then, the main exploit vector was the default root password of "12345" which never got changed.

At this point, device manufacturers just "don't get it". The vulnerabilities found in devices like the Hikvision DVRs are reminiscent of 90s operating systems and server vulnerabilities. Note that many devices are sold under various brandnames and Hikvision may not be the only vulnerable brand.

[1]  https://community.rapid7.com/community/metasploit/blog/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities
[2] https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633/

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Defending Web Applications Security Essentials - SANS Munich July 2019

Johannes

3553 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!