Yes. Hilook cameras generally start with IPC- prefix, e.g., see screencap attached from Value Cameras The Hikvision disclosure says "IPC-xxxx" are impacted. I don't know all the model numbering of Hilook but minimally those IPC- ones are listed as impacted.
Perhaps mods can move it .Hi - I did think about posting in the cyber security thread but I don't think it would have been seen by as many people with Hikvision cameras/NVRs. I'll make a quick post there now, though if that's against forum rules (duplicate post) mods feel free to delete
I'm not familiar with Hilook sorry.
Be aware though that on the R0 cameras, any firmware that's older than 5.4.5 will have the 'Hikvision backdoor' vulnerability making it readily hacked if exposed.
3-4 year old firmware..
That backdoor can be used for multiple purposes - such as list/change/add users for example.
Thank you (IPVM) for not putting something as important as this behind your website's paywall!
Here ya go bro hopes that helps
"Only access to the http(s) server port (typically 80/443) is needed. "
In general, if a product has a webserver it can be running on the typical ports .. 80, 8000, 8080 .. often I see systems which have less resources only using one webserver software for multiple ports ..
I appreciate a reply from the authority here—thank you. “Only access” is quite different from “this vulnerability is limited to the web server that is normally exposed on ports 80 and 443,” but I grasp what you highlighted.
www.securityinfowatch.com
portswigger.net
Hm, don't remember that I saw IPC_R2 there before, but maybe I have bad memory...
