Hikvision Exploiter: The open-source tool for attacking IP cameras – Against Invaders – Notícias de CyberSecurity para humanos.


Redazione RHC: 31 October 2025 07:12

A new open-source tool, known as HikvisionExploiter, was recently updated. This tool is designed to automate cyberattacks against vulnerable Hikvision IP cameras.

Designed to facilitate penetration testing, the tool highlights how easily unprotected devices can be compromised, enabling interception of surveillance feeds or theft of login information.

The toolkit supports multithreaded scanning of thousands of targets listed in an easy-to-read targets.txt file, and logs the results in time-stamped, color-coded directories for easy analysis.

It runs a series of automated tests, starting with checking for unauthenticated access to obtain real-time information. It then decrypts and recovers configuration files using AES and XOR methods, extracting sensitive information such as usernames, authorization levels, and other data from the XML outputs.

It was originally published on GitHub in mid-2024, but was updated following the recent wave of exploits targeting cameras in 2025. The Python-based tool targets unauthenticated endpoints found in cameras running outdated firmware.

For comprehensive network defense testing, advanced features are included that allow remote command execution by exploiting specific vulnerabilities using command injection techniques, along with an interactive shell for more detailed analysis. Python 3.6 or higher is required, as well as external libraries such as requests and pycrypto. FFmpeg is also required for the video snapshot compilation feature.

At the heart of the toolkit is CVE-2021-36260, a critical command injection flaw in Hikvision’s web server that allows unauthenticated attackers to execute arbitrary operating system commands. The bug was discovered in 2021. The vulnerability stems from inadequate input validation in endpoints such as /SDK/webLanguage, allowing remote code execution with elevated privileges.

It affects several Hikvision camera models, particularly the DS-2CD and DS-2DF series, which use firmware versions older than the vendor’s patches. This flaw has been actively exploited since 2021, and CISA has added it to its KEV catalog of known vulnerabilities exploited in real-world attacks.
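For defenders, the two behaviours described above (bulk scanning of many cameras and requests to /SDK/webLanguage) show up in access logs. The following is an added example, not code from the article or from the tool: it assumes a reverse proxy in front of the cameras that writes the camera hostname followed by a combined-format log line, and the log lines, hostnames and three-camera threshold are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines: "<camera vhost> <combined log format>".
# Addresses are documentation ranges; none come from the article.
SAMPLE_LOG = """\
cam-01.example.internal 198.51.100.7 - - [31/Oct/2025:07:12:01 +0000] "PUT /SDK/webLanguage HTTP/1.1" 200 52
cam-02.example.internal 198.51.100.7 - - [31/Oct/2025:07:12:01 +0000] "PUT /SDK/webLanguage HTTP/1.1" 500 0
cam-03.example.internal 198.51.100.7 - - [31/Oct/2025:07:12:02 +0000] "PUT /sdk/weblanguage?x=1 HTTP/1.1" 404 0
cam-01.example.internal 192.0.2.10 - - [31/Oct/2025:07:13:40 +0000] "GET /index.html HTTP/1.1" 200 4312
cam-02.example.internal 203.0.113.5 - - [31/Oct/2025:07:14:02 +0000] "GET /SDK/webLanguage HTTP/1.1" 401 0
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
WATCHED_PATH = "/sdk/weblanguage"  # endpoint named in the article, lowercased


def normalize_path(target):
    """Drop the query, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower().rstrip("/")


def find_weblanguage_hits(log_text):
    """Return one record per request that reached the watched endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and normalize_path(m["target"]) == WATCHED_PATH:
            hits.append({**m.groupdict(), "status": int(m["status"])})
    return hits


def scan_sources(hits, min_hosts=3):
    """Sources that touched the endpoint on at least min_hosts cameras."""
    seen = defaultdict(set)
    for h in hits:
        seen[h["src"]].add(h["host"])
    return {s: sorted(c) for s, c in seen.items() if len(c) >= min_hosts}


if __name__ == "__main__":
    hits = find_weblanguage_hits(SAMPLE_LOG)
    for h in hits:
        print(h["ts"], h["src"], "->", h["host"], h["method"], h["status"])
    print("fan-out sources:", scan_sources(hits))
```

Any hit is worth triage on a camera that has not received the vendor's patch; a source appearing in `scan_sources` indicates the bulk, list-driven scanning the article describes.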

In 2025, researchers noted new abuse techniques, such as using the “mount” command to install malware on compromised devices. With thousands of Hikvision cameras still exposed online, attackers can steal snapshots and user data or go on to breach networks, fueling ransomware or DDoS operations.
