Skip to content

Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data “5 Ways to Create a Successful Online Business” “Five Strategies for Building a Profitable Online Venture”

Video surveillance giant Hikvision this week informed customers that it has patched a critical vulnerability affecting its Hybrid SAN and cluster storage products. The vulnerability, tracked as CVE-2023-28808, has been described by the vendor as an access control issue that can be exploited to obtain administrator permissions by sending specially crafted messages to the targeted device. The impacted products are used by organizations to store video security data, and an attacker exploiting the vulnerability could gain access to that data.

In a notification sent by Hikvision to partners, the company said it’s not aware of in-the-wild exploitation. However, Arko Dhar, the CTO of Redinent, the India-based CCTV and IoT cybersecurity company credited for finding the vulnerability, told SecurityWeek that many impacted systems are exposed to the internet and remote exploitation is possible. He warned that an attacker can delete video recordings, business data, and backups, thus causing significant impact to the business.

Redinent’s researchers discovered the vulnerability in late December 2022 and the flaw was reported to the vendor through CERT India in January. Hikvision announced on April 10 that patches are included in version 2.3.8-8 for Hybrid SAN and version 1.1.4 for cluster storage devices. The vendor has provided detailed instructions for installing the updates.

In conclusion, video surveillance giant Hikvision has patched a critical vulnerability affecting its Hybrid SAN and cluster storage products which can be exploited by attackers to obtain access to video security data. Redinent’s researchers discovered the vulnerability and reported it to the vendor through CERT India in January. Hikvision has released the necessary patches and provided detailed instructions for installing the updates.

Key Points:

  • Hikvision patched a critical vulnerability affecting its Hybrid SAN and cluster storage products
  • The vulnerability can be exploited to obtain access to video security data
  • Redinent’s researchers discovered the vulnerability and reported it to the vendor through CERT India
  • Hikvision has released the necessary patches and provided detailed instructions for installing the updates

Leave a Reply

Your email address will not be published. Required fields are marked *