Hikvision Network Camera Flaw Let Attackers Intercept Dynamic DNS Credentials


A critical security flaw has been discovered in Hikvision network cameras that could allow attackers to intercept Dynamic DNS (DDNS) credentials transmitted in cleartext, potentially exposing thousands of devices to unauthorized access and manipulation.

The vulnerability affected multiple Hikvision camera models that had used firmware versions before recent security updates.

SIEM as a Service

The issue stems from the cameras’ implementation of DDNS services, specifically DynDNS and NO-IP, where credential information was transmitted without encryption over HTTP rather than the secure HTTPS protocol.

Security researchers found that attackers could potentially execute man-in-the-middle attacks to capture DDNS service credentials. These credentials could then be used to manipulate camera connections and gain unauthorized access to video feeds.

Protecting Your Networks & Endpoints With UnderDefense MDR – Request Free Demo

This vulnerability is particularly concerning as Hikvision cameras are widely deployed in sensitive locations and critical infrastructure settings.

Products Affected

  • DS-2CD1xxxG0 versions prior to V5.7.23 build241008
  • DS-2CD2xx1G0 versions prior to V5.7.23 build241008
  • DS-2CD3xx1G0 versions prior to V5.7.23 build241008
  • IPC-xxxxH versions prior to V5.7.23 build241008
  • DS-2CD29xxG0 versions prior to V5.7.21 build240814
  • DS-2CD1xxxG2 versions prior to V5.8.4 build240613
  • DS-2CD3xx1G2 versions prior to V5.8.4 build240613
  • HWI-xxxxHA versions prior to V5.8.4 build240613
  • IPC-xxxxHA versions prior to V5.8.4 build240613
  • DS-2CD2xxxG2 versions prior to V5.7.18 build240826
  • DS-2CD3xxxG2 versions prior to V5.7.18 build240826
  • DS-2CD2xxxFWD versions prior to V5.6.821 build240409

The risk is amplified by the discovery that over 80,000 Hikvision cameras remain exposed online to various security vulnerabilities.

These cameras are deployed across 2,300 organizations in 100 countries, with the highest numbers found in China, the United States, and Vietnam.

“Given the deployment of these cameras at sensitive sites, potentially even critical infrastructure is at risk,” noted security researchers.

The vulnerability has attracted attention from criminal actors and state-sponsored groups, with Russian cybercriminal forums actively discussing exploitation techniques.

Hikvision has released firmware updates to address this security concern, modifying the cameras to communicate exclusively via HTTPS for DDNS services. The company strongly recommends that users:

  • Update to the latest firmware immediately
  • Implement strong password policies
  • Isolate camera networks from critical assets using firewalls or VLANs
  • Regularly monitor for unauthorized access attempts

Organizations using affected Hikvision cameras should prioritize these security measures, as the combination of exposed DDNS credentials and other known vulnerabilities could lead to complete device compromise and potential network infiltration.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!



Source link