Hikvision posts notification of vulnerability in certain products
In a Security Notification dated Sept. 19, surveillance manufacturer Hikvision noted a “Command Injection Vulnerability in Some Hikvision products.”
The notification describes the issue as “A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.”
Also listed are the potentially affected Hikvision products, along with a firmware patch to address the vulnerability.
The vulnerability was first reported to Hikvision’s Security Response Center by U.K.-based security researcher Watchfull_IP.