
Firmware Global Security Notification to disclose a vulnerability (CVE-2023-28811) in Hikvision NVRs/DVRs

Phil

Administrator
Hikvision have asked their Partners to share this update widely, to ensure that any vulnerable Hikvision NVRs and DVRs are updated to new firmware (since 21st August 2023) that contains a fix for the vulnerability.

Hikvision has released a global Security Notification to disclose a vulnerability (CVE-2023-28811) in Hikvision NVRs/DVRs.

The vulnerability has been fixed through a patch that can be accessed on the company’s website. The list of the products affected can be found in the Notification.

Please see the attached pdf letter for further details.


The affected NVR models are:
NVR-2xxMH-C(D)
NVR-1xxMH-C(D)
HW-HWN-42xxMH(D)
HW-HWN-41xxMH(D)
DS-71xxNI-Q1(C)
DS-71xxNI-Q1(D)
HL-NVR-1xxMH-D(C)
HL-NVR-1xxMH-D(D)
HW-HWN-21xxMH(C)
HW-HWN-21xxMH(D)
DS-76xxNI-Q1(C)
DS-76xxNI-Q2(C)
DS-76xxNI-K1(C)
HW-HWN-41xxMH(C)
HW-HWN-42xxMH(C)
HL-NVR-1xxMH-C(C)
HL-NVR-2xxMH-C(C)
DS-77xxNI-I4(B)

The affected DVR models are:
iDS-EXXHUH
DS-EXXHGH
iDS-EXXHQH
DVR-EXXHUH
DVR-EXXHGH
DVR-EXXHQH
iDS-72XXHQH-M(C)
iDS-72XXHUH-M(C)
iDS-72XXHQH-M(E)
iDS-72XXHUH-M(E)
iDS-72XXHTH-M(C)
HW-HWD-72XXMH-G4
HW-HWD-62XXMH-G4
HL-DVR-216Q-K2(E)
DS-71XXHGH-M(C)
DS-72XXHGH-M(C)
DS-71XXHGH-K(S)
DS-72XXHGH-K(S)
HL-DVR-1XXG-K(S)
HL-DVR-2XXG-K(S)
HL-DVR-1XXG-M(C)
HL-DVR-2XXG-M(C)
HW-HWD-51XXH(S)
HW-HWD-51XXH-G
HW-HWD-51XXMH-G
iDS-71xxHQH-M(C)
iDS-71xxHQH-M(E)
iDS-72xxHQH-M/E(C)
iDS-72xxHQH-M/E(E)
HL-DVR-2XXQ-M(C)
HL-DVR-2XXQ-M(E)
HW-HWD-61XXMH-G4
HW-HWD-61XXMH-G4(E)
iDS-71xxHUH-M(C)
iDS-72xxHUH-M/E(C)
iDS-71xxHUH-M(E)
iDS-72xxHUH-M/E(E)
HL-DVR-2XXU-M(C)
HL-DVR-2XXU-M(E)
HW-HWD-71XXMH-G4
HW-HWD-71XXMH-G4(E)

If your NVR / DVR is on this list, please check for new firmware and update your device:

For a problem-free update, please follow our detailed step-by-step guide carefully - How to update your Hikvision firmware

If you encounter any problems / have questions, please don't hesitate to contact us.
Hikvision have provided us with nominated specific individuals to contact, if necessary (e.g. their Cyber Security Director).
 

Attachments

  • Hikvision Letter to Partners regarding NVR and DVR vulnerability and fix CVE-2023-28811.pdf
No, I don't think it is directly related.
What you have linked to is a new exploit/vulnerability.
The NVR manufacturer has not yet been declared, but has been informed and is working on a fix.
The crux of this new vulnerability seems to be a commonly used user name (such as admin) AND an easily guessed password.

Hikvision SHOULD force everybody to set a user name at first start-up; unfortunately, they still do not.



EVERYBODY should use a strong password.
We have used LastPass at use-IP for many years to ensure the use of unique strong passwords for EVERY login (devices and websites).
 