Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

Last Revised

Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device.
 
CISA encourages users and administrators to review Hikvision’s Security Advisory HSRC-202109-01 and apply the latest firmware updates. See security researcher Watchful IP’s technical blogpost for more information.