RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.

Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device.

CISA encourages users and administrators to review Hikvision’s Security Advisory HSRC-202109-01 and apply the latest firmware updates. See security researcher Watchful IP’s technical blogpost for more information.

Archived Content

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

JCDC Cultivates Pre-Ransomware Notification Capability

Cisco Releases Security Advisories for Multiple Products

CISA Releases Six Industrial Control Systems Advisories

Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments

Archived Content

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

Related Advisories

JCDC Cultivates Pre-Ransomware Notification Capability

Cisco Releases Security Advisories for Multiple Products

CISA Releases Six Industrial Control Systems Advisories

Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments