Security Experts:

Connect with us

Hi, what are you looking for?


IoT Security

Critical Vulnerability in Hikvision Wireless Bridges Allows CCTV Hacking

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV hacking, according to the researchers who found it.

Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV hacking, according to the researchers who found it.

In an advisory published on December 16, Hikvision revealed that two of its wireless bridge products, designed for elevator and other video surveillance systems, are affected by CVE-2022-28173, a critical access control vulnerability.

The security hole can be exploited by sending specially crafted messages to affected devices, allowing the attacker to gain administrator permissions.

Hikvision wireless bridge vulnerable to hacker attacksFirmware patches have been made available for DS-3WF0AC-2NT and DS-3WF01C-2N/O products. The issue was reported to the vendor in September through CERT India and a patch was released earlier this month.

Souvik Kandar and Arko Dhar of India-based CCTV and IoT cybersecurity company Redinent Innovations have been credited for reporting the vulnerability.

In an advisory published this week, Redinent explained that the flaw is caused by improper parameter handling by the product’s web-based management interface. An attacker can exploit the weakness to gain admin access to the management interface by sending a specially crafted request with a payload that does not exceed 200 bytes.

“Post exploitation, the administrative session persists with full access to all functions of the bridge interface,” the advisory explains.

Redinent’s Arko Dhar told SecurityWeek that CVE-2022-28173 can be exploited from the local network by an insider or a threat actor that has gained access to the organization’s network, and directly from the internet if a vulnerable device is exposed to the web.

According to Dhar, Shodan and Censys searches do show such devices being directly accessible from the internet, and they are likely vulnerable if they haven’t been patched.

Once the attacker has successfully exploited the vulnerability, they can intercept network traffic or hack CCTV systems.

“Typically these devices are used for transmission of CCTV video streams from cameras inside an elevator to a command center or security operations console,” the researcher explained. “An attacker can disable or shut down the video feed as part of a planned physical incident — for example, coordinated robbery or theft — or snoop on people.”

In a notification sent to partners, Hikvision clarified that products offered in the US market are not impacted by the vulnerability.

The United States recently restricted the use of China-made video surveillance systems, including ones made by Hikvision, citing an “unacceptable risk” to national security.

Hikvision’s notification to partners regarding CVE-2022-28173 noted that the company is committed to working with third-party researchers to patch vulnerabilities in its products.

In addition, the notification informs partners, “Hikvision strictly complies with the laws and regulations in all countries and regions where we operate and we apply the highest standards of cybersecurity practices in an effort to best protect the users of Hikvision products around the world.”

Related: CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks

Related: Over 80,000 Unpatched Hikvision Cameras Exposed to Takeover

Related: Many Hikvision Cameras Exposed to Attacks Due to Critical Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.