PT-2021-4746 · Hikvision · Hikvision NVR, Hikvision IP Camera

Published: 2021-09-21 · Updated: 2026-03-29 · CVE-2021-36260

CVSS v2.0: 10 (Critical) · AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Hikvision IP camera/NVR firmware versions prior to the fixed version.

Description: The vulnerability stems from insufficient input validation in the web server of some Hikvision products, which allows an unauthenticated remote attacker to inject operating system commands by sending crafted requests. Successful exploitation can give full control over the targeted device and, from there, access to internal networks. Over 3.2 million cameras are potentially exposed to this issue. The vulnerability has been exploited in the wild: botnets such as Moobot have used it to spread and to conduct DDoS attacks.

Recommendations: For Hikvision IP camera/NVR firmware versions prior to the fixed version, update to the patched version (v210628) to resolve the issue. As a temporary workaround, restrict network access to the vulnerable web server or disable the language parameter of the /SDK/webLanguage API endpoint until the patch is applied.

Exploit · Fix · RCE · Command Injection

Weakness Enumeration: OS Command Injection

Related Identifiers: BDU:2021-05455, CVE-2021-36260

Affected Products: Hikvision IP Camera, Hikvision NVR