The attacker has access to the device network or the device has direct interface with the internet
Send a specially crafted message.
Obtaining fixed firmware:
Users should download the updated firmware to guard against this potential vulnerability. It is available on the Hikvision official website: Firmware download. Users can also use the Search Tool for Important Firmware Update to quickly detect critical vulnerabilities and download corresponding firmware.
Source of vulnerability information:
This vulnerability is reported to HSRC by UK security researcher Watchful IP.
Should you have a security problem or concern, please contact Hikvision Security Response Center at firstname.lastname@example.org.
2021-09-19 V1.0 INITIAL
2021-09-23 V1.1 UPDATED: Updated Affected Versions
2021-09-24 V1.2 UPDATED: Updated Affected Versions
2021-11-08 V1.3 UPDATED: Updated Affected Versions
2021-12-31 V1.4 UPDATED: Updated Affected Versions