HikVision DaVinci Wi-Fi hack vulnerability

[Phil]

We are just now learning of a vulnerability in HikVision wireless cameras where the Wi-Fi has not been used.
The cameras ship with a default wi-fi network connection configured - which uses the SSID davinci.
It is possible for somebody to configure such a network and gain access to the unused/default wi-fi connection to the camera.

If you have such a HikVision wireless camera:
Step 1 - Please update it to the latest available firmware
Step 2 - disable the Wi-Fi / remove the default SSID

Full vulnerability disclosure details here - Full Disclosure: CVE-2017-14953 - Hikvision Wi-Fi IP Cameras associate to a default unencrypted rogue SSIDs in a wired configuration

HikVision's product advisory notice on this davinci wireless vulnerability is attached below.

Hat tip to IPVM.com:
Hikvision Vulnerability Permits Wi-Fi Attack

 

[Mal]

Hi, This new vulnerability is just too bad a new entry in the recent sequence of Hikvision's hidden features and capabilities
I tried this with one DS-2CD2022F-IW with a slightly obsolete firmware. It logged in fluently with my rogue davinci wi-fi test network. Then it was very easy to use the previously reported backdoor and bypass all authentication and take e.g. this snapshot. Upgrading to the latest available firmware V5.4.5 closes the backdoor but leaves this wi-fi issue open.
Additionally, the other default settings include UPnP ON and depending on the router settings this can open the access from outside.

 

[Phil]

Yes, agreed it is very unfortunate.
I believe they are working on an update for the Wi-Fi vulnerability.
All we can do at the moment is make our customers and forum users aware of the issues.
Thanks for your input.