Products Update

HIKVISION MPORTANT PRODUCT FIRMWARE UPDATE

On 26 September 2021 Hikvision has issued updated firmware on our website:

https://www.hikvision.com/au-en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/

https://www.hikvision.com/au-en/support/download/firmware

that fixes a critical Command Injection Vulnerability in the webserver of some Hikvision products. The list of products affected by the vulnerability can be accessed through the Security Advisory on our website.

With this vulnerability we wanted to provide you the details and timeline to reassure you that Hikvision’s commitment to cybersecurity is strong. In June 2021, Hikvision was contacted by a security researcher, named Watchful IP, who reported a potential vulnerability in a Hikvision camera. Once we confirmed receipt of this report, Hikvision worked directly with the researcher to patch and verify the successful mitigation of the reported vulnerability, following the standard Coordinated Disclosure Process.

To date, the vulnerabilities that have been reported to Hikvision and/or made publicly known, have been patched in the latest Hikvision firmware, which is readily available on the Hikvision website.

In addition, Hikvision is a CVE Numbering Authority (CNA) and has committed to continuing to work with third-party white-hat hackers and security researchers, to find, patch, disclose and release updates to products in a timely manner that is commensurate with our CVE CNA partner companies' vulnerability management teams.

Hikvision strictly complies with the applicable laws and regulations in all countries and regions where we operate and our efforts to ensure the security of our products go beyond what is mandated.