These probes appear to be related to a remote code execution (RCE) vulnerability (CVE-2021-36260) impacting Hikvision's popular Internet of things (IoT) security camera. If exploited by unauthenticated malicious actors, it could lead to full control over targeted devices and possibly internal networks. Shodan statistics have identified over 3.2 million camera on the internet. Hikvision released an advisory on 2021-09-19 and recommend that any version dated earlier than 210628 to install the updates immediately. Sample Log 20211115-033051: 192.168.25.9:81-185.53.90.110:43842 data <?xml version=\\"1.0\\" encoding=\\"UTF-8\\"?> Indicators 50.31.21.7 Information on how to update the security camera available here. [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36260 ----------- |
Guy 523 Posts ISC Handler Nov 20th 2021 |
Thread locked Subscribe |
Nov 20th 2021 7 months ago |
Sign Up for Free or Log In to start participating in the conversation!