Nearly 100 vulnerabilities were found in Hikvision firmware by a new report from Lithuania's government. Hikvision refused to provide any response, despite being given 2 weeks time to respond.
Eleven software packages containing 95 security vulnerabilities were found installed in the Hikvision DS-2CD2183G0-IU camera. Thirty two vulnerabilities had a threat score greater than 6.5 (out of 10).
Additionally, they found that newer firmware contained more vulnerabilities than older versions (95 vs. 63) which they previously tested in an earlier report.
The identified vulnerabilities could allow hackers to execute cyber-attacks, remotely intercept camera information and execute malicious code. In addition, the camera was found to be susceptible to Denial of Service (DoS) attacks.
Out Of Date Software Versions
Notably, all of these packages are severely out of date, with many dating to 2012 or earlier
Bad For Hikvision
Given Hikvision's very poor track record, including critical vulnerabilities, cloud vulnerabilities, and backdoors, this report is likely to raise concerns about Hikvision's cybersecurity. Further, while many past Hikvision vulnerabilities were disclosed by private individuals, this report's publication by a government agency is likely to carry even more weight.