A critical security flaw in Hikvision surveillance cameras, initially identified in 2017, is currently being actively exploited by cybercriminals to gain unauthorized access to sensitive data. This vulnerability, designated as CVE-2017-7921, has been assigned a maximum severity score of 10.0 on the Common Vulnerability Scoring System (CVSS) scale.
Nature of the Vulnerability
The core issue resides in the firmware of various Hikvision camera models, which permits improper authentication. This flaw enables remote, unauthenticated attackers to bypass security protocols and escalate their privileges, effectively seizing control over the device. By dispatching specially crafted requests, attackers can download the camera’s configuration file—potentially containing user credentials—or even alter user passwords to lock out legitimate owners.
Exploitation Techniques
Recent observations by SANS researchers have noted a surge in malicious activity targeting this specific flaw. Attackers are sending suspicious web requests to vulnerable cameras, such as requests for the `/System/deviceInfo?auth=YWRtaW46MTEK` URL. The base64-encoded string `YWRtaW46MTEK` decodes to `admin:11`, indicating that attackers are attempting to brute-force devices using weak and easily guessable passwords.
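One way to spot the requests described above in web logs, as an added example that is not part of the original article or any Hikvision or SANS tooling. It assumes the camera sits behind a proxy or gateway that writes combined-format access logs; the function names and sample lines are constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "GET /System/deviceInfo?auth=YWRtaW46MTEK HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /System/deviceInfo?auth=%%%notbase64 HTTP/1.1" 401 0 "-" "-"
203.0.113.4 - - [01/Jan/2025:10:01:00 +0000] "GET /doc/page/login.asp?lang=en HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Source address, request target and status from one combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def decode_auth(value):
    """Return the decoded auth value, or None when it is not base64 text."""
    try:
        # parse_qs turns '+' into a space; restore it before decoding.
        raw = base64.b64decode(value.replace(" ", "+"), validate=True)
        return raw.decode("utf-8").strip()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def find_auth_requests(log_text):
    """List every request that carries an auth= query parameter."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if match is None:
            continue  # not a request line in the assumed format
        url = urlsplit(match["target"])
        for value in parse_qs(url.query).get("auth", []):
            findings.append({
                "src": match["src"],
                "path": url.path,
                "status": int(match["status"]),
                "decoded": decode_auth(value),  # None = undecodable
            })
    return findings


if __name__ == "__main__":
    for hit in find_auth_requests(SAMPLE_LOG):
        print(hit)
```

A finding with status 200 means the device served the request and should be reviewed first.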
Potential Consequences
Successful exploitation of this vulnerability can have severe repercussions. Attackers can not only view live and recorded footage but also use the compromised camera as a pivot point to launch further attacks against the internal network. The downloaded configuration files, though encrypted, utilize weak encryption with a static key, making it feasible for attackers to decrypt them and harvest user credentials.
Mitigation Measures
To mitigate the risk, owners of Hikvision cameras are strongly advised to:
– Update Firmware: Ensure that the device’s firmware is updated to the latest version provided by Hikvision.
– Strengthen Passwords: Use strong, unique passwords to prevent unauthorized access.
– Restrict Internet Exposure: Avoid exposing the camera’s management interface directly to the internet.
– Secure Remote Access: If remote access is necessary, implement a secure Virtual Private Network (VPN) connection.
By adhering to these measures, users can significantly reduce the risk of unauthorized access and potential data breaches associated with this vulnerability.