A newly disclosed security vulnerability, tracked under CVE-2024-12569, has been identified in Hikvision camera drivers integrated with Milestone’s XProtect® Device Pack.
This vulnerability has raised concerns as it could log sensitive authentication details—including usernames and passwords—into plain-text log files during failed authentication attempts.
Milestone has responded promptly by releasing an updated device pack to address the issue.
The vulnerability stems from how certain Hikvision camera drivers log failed authentication attempts. When an incorrect username or password is entered, the corresponding credentials are stored in human-readable format within the log files.
This oversight means that anyone who can read those log files, including an attacker who has gained access to the recording server, can potentially recover valid camera login credentials.
This security flaw has been categorized as Medium severity, carrying a CVSS v4.0 score of 5.2. While there are no known public exploits targeting this vulnerability as of now, the risk remains significant for systems that are inadequately secured.
The issue specifically impacts XProtect Device Pack versions 13.4a and earlier. Users are strongly encouraged to update to the latest version of the Device Pack to eliminate this vulnerability.
Milestone has released an updated version of the XProtect Device Pack to resolve the issue. Users can mitigate the risk by:
- updating to the latest version of the XProtect Device Pack, and
- reviewing the driver log files under %PROGRAMDATA%\XProtect Recording Server\Logs\Drivers, where the failed-authentication entries are written, for recorded credentials.
Any exposed credentials should be regarded as compromised and changed immediately.
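A defender's triage script for the log exposure described above, added here as an example and not code from Milestone or the advisory: it walks the driver log directory named in the article, flags every line that carries a password value, and reports the affected username and line number without copying the secret into the report. The log line format and the field names (user=, password=) are assumptions, since the advisory does not publish them, and the sample log is constructed.

```python
import os
import re
from pathlib import Path

# Driver-log directory named in the advisory (Windows expands %PROGRAMDATA%).
DEFAULT_LOG_DIR = r"%PROGRAMDATA%\XProtect Recording Server\Logs\Drivers"

# ASSUMPTION: the advisory does not publish the driver's log line format, so the
# patterns below target the generic "user=<name> ... password=<secret>" shape.
# Tune the field names once you have a real failed-auth line from your own logs.
USER_RE = re.compile(r"\buser(?:name)?\s*[=:]\s*['\"]?([^'\"\s,;)]+)", re.IGNORECASE)
PASS_RE = re.compile(r"\b(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^'\"\s,;)]+)", re.IGNORECASE)
FAIL_RE = re.compile(r"auth\w*\s+fail|unauthori[sz]ed|\b401\b", re.IGNORECASE)

# Constructed sample in the assumed format; line 2 is the leaking entry.
SAMPLE_LOG = """2024-12-10 09:14:22 INFO  HikvisionDriver  Connecting to 192.0.2.15
2024-12-10 09:14:23 WARN  HikvisionDriver  Authentication failed for user=admin password=Winter2024! (HTTP 401)
2024-12-10 09:14:30 INFO  HikvisionDriver  Authentication succeeded for user=operator
"""


def scan_text(text):
    """Return one finding per line that carries a password value.

    The secret itself is never copied into the finding, so the triage report
    does not become a second plaintext copy of the credential.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        pw = PASS_RE.search(line)
        if not pw:
            continue
        user = USER_RE.search(line)
        findings.append({
            "line_no": line_no,
            "username": user.group(1) if user else None,
            "failed_auth": bool(FAIL_RE.search(line)),
            "password_length": len(pw.group(1)),  # enough to confirm a real value leaked
        })
    return findings


def scan_directory(log_dir=DEFAULT_LOG_DIR, pattern="*.log"):
    """Scan every driver log file under log_dir; returns {path: findings}."""
    root = Path(os.path.expandvars(log_dir))
    report = {}
    for path in sorted(root.rglob(pattern)):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    for path, hits in scan_directory().items():
        for h in hits:
            print(f"{path}:{h['line_no']} user={h['username']} "
                  f"failed_auth={h['failed_auth']} -> rotate this credential")
```

Every username the script reports should be rotated on the camera and in the VMS before the old log files are cleaned up.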
The XProtect Device Pack enables seamless interaction between Milestone’s XProtect VMS system and connected devices like Hikvision cameras.
While this functionality is essential for optimal video management, vulnerabilities in device drivers can pose significant risks if not promptly addressed.
To minimize exposure, organizations should routinely check for software updates, maintain a strict access control policy, and restrict physical and network access to sensitive systems.
Milestone has confirmed the vulnerability and taken swift action to provide necessary mitigations.
While no exploitation of this vulnerability has been identified at the time of publication, organizations should act promptly to apply updates and review their security protocols.
Proactive measures will help ensure the integrity of surveillance systems and protect against potential data breaches.