SP&T News

News
Hikvision posts notification of vulnerability in certain products


September 24, 2021
By SP&T Staff

In a Security Notification dated Sept. 19, surveillance manufacturer Hikvision noted a “Command Injection Vulnerability in Some Hikvision products.”

The notification describes the issue as “A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.”

Also listed are the potentially affected Hikvision products, along with a firmware patch to address the vulnerability.

The vulnerability was first reported to Hikvision’s Security Response Center by U.K.-based security researcher Watchfull_IP.

Advertisement

Print this page

Related

Tags



Leave a Reply

Your email address will not be published. Required fields are marked *

*