Hikvision Addresses Camera Issues

Thursday, May 4, 2017 @ 03:05 PM gHale


Hikvision mitigated an improper authentication vulnerability, but did not rectify a password in configuration file issue in its cameras, according to a report with ICS-CERT.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by IPcamtalk user “Montecrypto,” could lead to a malicious attacker escalating privileges or assuming the identity of an authenticated user and obtaining sensitive data.

RELATED STORIES
Dahua Updates DVR, IP Cameras
Advantech Fixes WebAccess Hole
Rockwell Mitigates Issues with PACs
Advantech B+B SmartWorx Gateway Hole

Hikvision reports the following cameras and versions suffer from the issues:
• DS-2CD2xx2F-I Series
V5.2.0 build 140721 to V5.4.0 build 160530
• DS-2CD2xx0F-I Series
V5.2.0 build 140721 to V5.4.0 Build 160401
• DS-2CD2xx2FWD Series
V5.3.1 build 150410 to V5.4.4 Build 161125
• DS- 2CD4x2xFWD Series
V5.2.0 build 140721 to V5.4.0 Build 160414
• DS-2CD4xx5 Series
V5.2.0 build 140721 to V5.4.0 Build 160421
• DS-2DFx Series
V5.2.0 build 140805 to V5.4.5 Build 160928
• DS-2CD63xx Series
V5.0.9 build 140305 to V5.3.5 Build 160106

No known public exploits specifically target these vulnerabilities. An attacker with a low skill level would be able to leverage the vulnerability.

The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

CVE-2017-7921 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 10.0.

The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information.

CVE-2017-7923 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.

The products see use on a global basis in the critical manufacturing sector.

Hikvision released updates to mitigate the improper authentication vulnerability in cameras sold through authorized distributers. Hikvision has not mitigated the password in configuration file vulnerability.

However, Hikvision is aware of “gray market” cameras sold via unauthorized channels. These cameras often use unauthorized firmware created by sources outside of Hikvision. In the case of these “gray market” devices, updating the firmware may result in converting the camera’s interface back to its original state. Users of “gray market” cameras who cannot update due to this unauthorized firmware will still be susceptible to these vulnerabilities.

In the Hikvision Unauthorized Distributors Notice, Hikvision encourages users to use devices sold by authorized distributers rather than “gray market” devices. Click here for Hikvision’s Unauthorized Distributors Notice.

North American models of Hikvision cameras that can end up fixed and their updated firmware versions are:
• DS-2CD2xx2F-I Series
V5.4.5 build 170123 and later
• DS-2CD2xx0F-I Series
V5.4.5 Build 170123 and later
• DS-2CD2xx2FWD Series
V5.4.5 Build 170124 and later
• DS- 2CD4x2xFWD Series
V5.4.5 Build 170228 and later
• DS-2CD4xx5 Series
V5.4.5 Build 170302 and later
• DS-2DFx Series
V5.4.9 Build 170123 and later
• DS-2CD63xx Series
V5.4.5 Build 170206 and later

These updates are available for download.

More information can be found by visiting Hikvision’s Vulnerability Notice.

For Chinese-language domestic cameras, Hikvision also provides on-site tours or remote support in addition to the updated firmware.

Hikvision also states device models and firmware upgrade procedures may differ between regions. These policies will end up communicated to users through Hikvision.



Leave a Reply

You must be logged in to post a comment.