China-based video surveillance related product offering company Hikvision has issued a security advisory saying that all those using their security cameras and NVRs must know a critical vulnerability on its devices that could allow hackers to take control of the cameras and use them as bots to launch DDoS or other related attacks.
IPVM that offers excellent information about the evolution of the surveillance industry has tagged the newly discovered vulnerability with a score of 9.8 out of 10 as per the Common Vulnerability Scoring System (CVSS) parameters. The resource adds that the flaw might affect 100 million Hikivision devices that include CCTV cameras, NVRs, alarm related solutions, thermal solutions and such.
As per the Hangzhou company that also offers IoT solutions, the only way to remediate the issue is to download the latest firmware from its website and keep the device updated with the software.
The company has issued an apology and stated that it will comply with the applicable laws and regulations in all countries and regions and will ensure that its products remain updated with the latest fixes for all the prevailing threats in the cyber landscape.
Note- Hikvision is a state-owned company of china that offers surveillance equipment for civilian and military purposes. It has a global business presence since 2001 and slowly captured the CCTV market of United States between 2013 to 2020. However, in November 2020, the then US President Donald Trump issued an executive order that blocks Hikvision products from being sold in entire North America because of National Security concerns. In March 2021, Biden Administration reiterated the same as the company products were found exhibiting unacceptable risk to American National Security.