Hikvision admin password exploit

#1

As spoke about on the Thursday Vlog 104. Hikvision cameras do have quite a few exploits. Just thought I would create a topic about one of them. - You never know someone might need to use it.

If you have a camera running any of the following firmware this exploit is present.

  • V5.2.0 build 140721
  • V5.2.0 build 141016
  • V5.3.0 build 15051
  • V5.3.6 build 151105
  • V5.3.8 build 151224
  • V5.3.5 build 161112
  • V5.4.0 build 160401
  • V5.4.0 build 160520
  • V5.4.1 build 160525
  • V5.4.0 build 160530
  • V5.4.3 build 160705
  • V5.4.3 build 160808
  • V5.4.4 build 161125
  • V5.3.9 build 170109

Further information about it and a Windows tool to use the exploit can be found here.

#2

Nice post, this may be helpful in the future. I don’t want to really derail this topic, but just a reminder for anyone who does find them in the position of taking over a camera system, or is setting up a new one: every IP camera vendor, even Axis and Cisco, have had some pretty bad exploits in the past like hidden admin accounts that can’t be disabled, or bugs in the HTTP/S interface that allow the camera to be reset without proper credentials, etc. Therefore IP camera systems should always be on their own VLAN that is protected by firewall rules to limit access to it. Whether you also put other “security” things like alarm panels and key readers into this VLAN is up to you and your risk acceptance. The important thing is that the average user of the regular network shouldn’t be able to access the cameras directly.