Hikvision Cybersecurity Vulnerabilities Reported By Lithuania Government

Nearly 100 vulnerabilities were found in Hikvision firmware by a new report from Lithuania's government. Hikvision refused to provide any response, despite being given 2 weeks time to respond.

The report summarizes their findings from this process, finding nearly 100 vulnerabilities in software packages used in Hikvision DS-2CD2183G0-IU firmware (V5.6.2 build 190701):

Eleven software packages containing 95 security vulnerabilities were found installed in the Hikvision DS-2CD2183G0-IU camera. Thirty two vulnerabilities had a threat score greater than 6.5 (out of 10).

Additionally, they found that newer firmware contained more vulnerabilities than older versions (95 vs. 63) which they previously tested in an earlier report.

The identified vulnerabilities could allow hackers to execute cyber-attacks, remotely intercept camera information and execute malicious code. In addition, the camera was found to be susceptible to Denial of Service (DoS) attacks.

Out Of Date Software Versions

Notably, all of these packages are severely out of date, with many dating to 2012 or earlier

Bad For Hikvision

Given Hikvision's very poor track record, including critical vulnerabilities, cloud vulnerabilities, and backdoors, this report is likely to raise concerns about Hikvision's cybersecurity. Further, while many past Hikvision vulnerabilities were disclosed by private individuals, this report's publication by a government agency is likely to carry even more weight.