Hikvision, a top provider of network cameras, has issued firmware updates to fix a security vulnerability that could reveal users’ Dynamic DNS credentials. This issue impacts various Hikvision camera models and may allow attackers to access sensitive information or disrupt camera communication with the Dynamic DNS service.
The Vulnerability:
By infosecbulletin
/ Sunday , December 1 2024
A workshop on "DDoS use cases & solutions for government & BFSI" held at Bangladesh computer society premises on Saturday...
Read More
By infosecbulletin
/ Saturday , November 30 2024
Uganda’s finance ministry confirmed media reports that hackers breached the central bank’s systems and stole money, but refuted the claims...
Read More
By infosecbulletin
/ Friday , November 29 2024
CERT Germany and Zyxel have alerted about a serious vulnerability in Zyxel firewalls, identified as CVE-2024-11667. This flaw is being...
Read More
By infosecbulletin
/ Friday , November 29 2024
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
By infosecbulletin
/ Thursday , November 28 2024
CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified as CVE-2024-21287 and cataloged as...
Read More
By infosecbulletin
/ Thursday , November 28 2024
On November 26th, Microsoft patched four vulnerabilities detected in Dynamics 365 Sales, the Partner.Microsoft.Com portal, Microsoft Copilot Studio and Azure...
Read More
By infosecbulletin
/ Thursday , November 28 2024
SL Data Services/Propertyrec, an information research provider exposes a non-password-protected database containing more than 600K records according to the security...
Read More
By infosecbulletin
/ Wednesday , November 27 2024
Cloudflare suffered an incident roughly 3.5 hours On November 14, 2024 impacting the majority of customers using Cloudflare Logs. Cloudflare...
Read More
By infosecbulletin
/ Wednesday , November 27 2024
VMware revealed several critical vulnerabilities in its Aria Operations product, with the most severe allowing attackers to gain root user...
Read More
By infosecbulletin
/ Wednesday , November 27 2024
On Monday, Indian HDFC life insurance said, They got some instances of data leaks. "We have received communication from an...
Read More
Older Hikvision network cameras relied on HTTP for communication with Dynamic DNS providers like DynDNS and NO-IP. This exposed usernames and passwords as they were sent in cleartext, making them vulnerable to interception.
Impact:
An attacker exploiting this vulnerability could:
Steal Dynamic DNS Credentials:
Capture usernames and passwords, potentially gaining unauthorized access to the user’s Dynamic DNS account.
Disrupt Communication:
Interfere with the camera’s connection to the Dynamic DNS service, preventing remote access to the camera.
Launch Further Attacks:
Use the compromised Dynamic DNS account to redirect traffic or launch other malicious activities.
Affected Products:
A wide range of Hikvision network camera models are affected, including:
DS-2CD1xxxG0, DS-2CD2xx1G0, DS-2CD3xx1G0, IPC-xxxxH (versions prior to V5.7.23 build241008)
DS-2CD29xxG0 (versions prior to V5.7.21 build240814)
DS-2CD1xxxG2, DS-2CD3xx1G2, HWI-xxxxHA, IPC-xxxxHA (versions prior to V5.8.4 build240613)
DS-2CD2xxxG2, DS-2CD3xxxG2 (versions prior to V5.7.18 build240826)
DS-2CD2xxxFWD (versions prior to V5.6.821 build240409)
Solution:
Hikvision fixed the vulnerability by releasing updated firmware that requires HTTPS communication with Dynamic DNS services. Affected camera users should update their firmware immediately.
Bangladesh Bank issues cyber threat alert