On November 13, 2018, the details of a vulnerability involving certain Hikvision video surveillance products, that could potentially present a cybersecurity risk, have been disclosed by an Israeli cybersecurity company named VDOO.
Not rendering correctly? View this email as a web page here.

Special-Bulletin_Header.png

Dear Valued Customers and Partners:

On November 13, 2018, the details of a vulnerability involving certain Hikvision video surveillance products, that could potentially present a cybersecurity risk, have been disclosed by an Israeli cybersecurity company named VDOO.

Earlier this year, Hikvision was made aware of this vulnerability. In the interest of protecting our customers from any potential cybersecurity threats, Hikvision had proactively and promptly corrected the vulnerabilities in the latest version of its firmware and released the Firmware Update Notification on August 13, 2018 to advise all users of the affected cameras to download the latest firmware updates. Since August 13, 2018, Hikvision has sent multiple notices, similar to the message below, to remind customers to update firmware.

The buffer overflow vulnerability in the web server of some of Hikvision cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process.

As VDOO recognized, this vulnerability was not exploited in the field, and did not lead to any concrete privacy violation or security threat to Hikvision customers. They also acknowledged that ‘the Hikvision team acted promptly to patch this vulnerability and to push the patched version to the vulnerable products.’

What should you do if your products are affected?

Users should download and install the updated firmware—which has been available on the Hikvision official website since August 13, 2018—to guard against these potential vulnerabilities: http://www.hikvision.com/en/Support/Cybersecurity-Center/Security-Advisory/431181228784397

  1. Please refer to the table in the above link to confirm whether your products are affected.
  2. Install the latest version of patched firmware.
  3. Ensure that all devices are appropriately protected using cybersecurity best practices.

Thank you for your patience and continued support as we work through these security issues. As your trusted partner, it is our responsibility to be vigilant and transparent about cybersecurity threats, to keep you informed, and to employ the industry's best practices. We encourage our partners to take advantage of the many cybersecurity resources Hikvision offers, including the Hikvision Cybersecurity Center - an industry-leading cybersecurity resource. At the center you can find detailed information about the Hikvision Network and Information Security Lab, third-party and internal testing, and third-party certifications.

If you have a security problem or concern, please contact Hikvision Security Response Center at hsrc@hikvision.com. Additionally, customers can also contact Tech Support or their Hikvision representative anytime with any questions.

Kind Regards,

Hikvision Security Response Center


About Hikvision

Hikvision is a leading provider of artificial intelligence, machine learning, robotics and other emerging technologies, and is the world’s largest video surveillance manufacturer. Featuring an extensive and highly skilled R&D workforce, Hikvision manufactures a full suite of comprehensive products and solutions for a broad range of vertical markets. Beyond security, Hikvision products provide important data and business intelligence for end users, which can be used to enable greater commercial success and more efficient operations. Committed to the utmost quality and safety of its products, Hikvision encourages partners to take advantage of the many cybersecurity resources Hikvision offers, including the Hikvision Cybersecurity Center.



Hikvision USA Inc. | sales.usa@hikvision.com | www.hikvision.com
18639 Railroad St. City of Industry, CA  91748 USA
####