A critical cybersecurity vulnerability affecting multiple surveillance devices manufactured by Hikvision could allow attackers to bypass authentication and gain unauthorized administrative access to security systems.
The flaw, tracked as CVE-2017-7921, has recently been added to the Known Exploited Vulnerabilities (KEV) catalog by the Cybersecurity and Infrastructure Security Agency, signalling that the vulnerability is actively being exploited in real-world cyberattacks.
Authentication bypass enables full system access
The vulnerability stems from an improper authentication mechanism, which allows malicious users to bypass login security checks on affected devices.
By sending specially crafted requests to vulnerable systems, attackers can access the device without valid credentials and escalate privileges to gain administrative control.
Once exploited, attackers may be able to:
- Access live surveillance camera feeds
- Download stored video recordings
- Extract configuration files containing passwords or network details
- Modify device settings or user accounts
Cybersecurity researchers warn that compromised cameras could also serve as a gateway for deeper intrusions into corporate networks.
Surveillance devices pose broader security risk
Because many surveillance cameras are connected directly to internal networks, hackers could use compromised devices to monitor facilities or move laterally across systems.
Security experts note that Internet of Things (IoT) devices such as internet-connected security cameras are frequently targeted by attackers as entry points for larger cyberattacks.
In some cases, attackers may use hijacked devices to observe internal activity or launch further attacks on company servers and employee systems.
Authorities issue urgent security warning
The U.S. cybersecurity agency has set March 26, 2026, as the deadline for federal agencies to address the vulnerability and secure affected systems.
Organizations have been advised to:
- Identify any Hikvision hardware on their networks
- Install the latest firmware updates or security patches
- Remove or replace devices that no longer receive updates
Security teams are also being urged to audit network configurations and monitor for unusual activity involving surveillance systems.
Growing concerns over IoT security
Hikvision products are widely used in commercial buildings, government facilities and residential security systems around the world.
Experts say vulnerabilities in widely deployed surveillance devices highlight the growing need for stronger cybersecurity controls in connected security infrastructure.
Failure to patch such vulnerabilities could expose organizations to data breaches, surveillance risks and broader network compromises.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.
