Recent content by BertCCTV

Based on information posted on the dark web (e.g DeepPaste with a NSFW language warning) it sounds like a wide range of DVRs and IP cameras are being targeted. If you don't have a firmware that's newer than April 2017 your camera or DVR will be vulnerable to being reset, reconfigured or bricked...

Based on information posted on the dark web (e.g DeepPaste) it sounds like a wide range of DVRs and IP cameras are being targeted. If you don't have a firmware that's newer than April 2017 your camera or DVR will be vulnerable to being reset, reconfigured or bricked. As Dodutils said welcome to...

I don't know if the info that's been spreading on the dark web about these attacks is accurate, but if it is then for the Hikvisions it can only be one of three things: Common password used on some common web port, vulnerable to the Montecrypto thing, or telnet exposed. If none of the three...

Do you by any chance use a simple password on the unit?

Those are the original statements from March and May.

Ok. I'd like to make another point though.. If there's (as you say) reason to believe that there are so many vulnerable cameras out there still - and especially if the cameras are being attacked - should Hikvision not issue a public warning about it? As far as I can tell the company hasn't said...

Wait a minute. You previously said that you've been aware of this vulnerability for 2 years. Now you're also saying that you know for a fact that hundreds of thousands of cameras are being reset as a result of Montecrypto's disclosure. How exactly would you know that? Sounds a little suspicious...

Sorry if I'm being unfair, but how useful is your help exactly if you found this bug 2 years ago and couldn't get Hikvision to fix it? It's a serious bug and the sooner vulnerable units are updated the better. Montecristo did the right thing by forcing Hikvision to improve the security of this...

Thanks for publishing this. I looked at your findings and tested them against an unpatched Hikvision system I had on hand. You mentioned that "all other HikCGI calls" are vulnerable to the auth bypass but did you actually test ones like the factoryReset one? From what I can see only the ones...

I meant, if your camera's IP is for example 192.168.1.100 you would try requesting http://192.168.1.100/current_config/passwd in a browser on the same LAN. Vulnerable firmwares will return the user database with password hashes. If the camera web port is accessible to the entire Internet (uPNP...

Does your camera allow you to get the login database by requesting http://<camera ip>/current_config/passwd ? If so it could be a target for WAN-based attacks (or I guess even targeted by some malware that's resident on your own LAN). It's worth checking your router DMZ and PnP settings (both...