Hikvision IP Cameras: Critical Backdoor Security Flaw Found

backdoor2

Hikvision, a Chinese manufacturer of video surveillance equipment, recently announced that some of their cameras are exposed to a security vulnerability that when used, allows attackers to gain admin privileges on Hikvision IP Cameras to tamper with device information.

Long Story Short
Some Hikvision IP cameras are subject to two bugs that allow attackers to access sensitive information and gain admin privileges.

I own a Hikvision camera, what should I do?
Hikvision has released updated firmware for the affected cameras. You must upgrade your firmware. Once the device is upgraded to the latest firmware, the issue is resolved.

The following cameras are affected:
DS-2CD2xx2F-I Series
Updated firmware: V5.4.5 build 170123 and later
DS-2CD2xx0F-I Series
Updated firmware: V5.4.5 Build 170123 and later
DS-2CD2xx2FWD Series
Updated firmware: V5.4.5 Build 170124 and later
DS- 2CD4x2xFWD Series
Updated firmware: V5.4.5 Build 170228 and later
DS-2CD4xx5 Series
Updated firmware: V5.4.5 Build 170302 and later
DS-2DFx Series
Updated firmware: V5.4.9 Build 170123 and later
DS-2CD63xx Series
Updated firmware: V5.4.5 Build 170206 and later

More information about the backdoor and how to upgrade your camera to the latest firmware is available via Hikvision. Another update to the bug has also been posted by Hikvision here.

Do you own a Hikvision camera? Was your camera affected by the exploit?