
Multiple Hikvision Product Vulnerabilities Allow Attackers to Escalate Privileges

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical Hikvision vulnerability to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild.

The flaw, tracked as CVE-2017-7921, affects multiple Hikvision surveillance cameras and network video recorder (NVR) models, allowing attackers to gain unauthorized access and escalate privileges.

This update, announced on March 5, 2026, signals renewed concern within the security community as hackers target vulnerable devices to gain control over surveillance networks.


The vulnerability is an improper authentication issue (CWE-287): a remote, unauthenticated attacker can bypass the device's login entirely and obtain administrative access without ever presenting valid credentials.
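Because the bypass travels in ordinary HTTP requests, the web or proxy logs of the camera network segment are the place to look for it. The publicly documented exploit for CVE-2017-7921 appends an auth= query parameter whose value is a base64-encoded user:password string to requests for otherwise protected paths (the user list, the configuration-file export, live snapshots). The following Python is an added example written for this article, not code from the article, from CISA or from Hikvision: it scans combined-format access-log lines, decodes any auth= parameter, and flags requests that carried a credential pair. The log lines, addresses and timestamps are constructed for the example.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
# Two sources send the auth= query parameter: one the well-known base64
# encoding of "admin:11\n", the other an arbitrary user:password pair.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Mar/2026:10:01:12 +0000] "GET /doc/page/login.asp HTTP/1.1" 200 5321
198.51.100.7 - - [05/Mar/2026:10:02:03 +0000] "GET /Security/users?auth=YWRtaW46MTEK HTTP/1.1" 200 842
198.51.100.7 - - [05/Mar/2026:10:02:09 +0000] "GET /System/configurationFile?auth=YWRtaW46MTEK HTTP/1.1" 200 19342
10.0.0.9 - - [05/Mar/2026:10:03:44 +0000] "GET /ISAPI/System/deviceInfo HTTP/1.1" 401 0
203.0.113.4 - - [05/Mar/2026:10:04:01 +0000] "GET /onvif-http/snapshot?auth=dXNlcjpzZWNyZXQ= HTTP/1.1" 200 60211
10.0.0.5 - - [05/Mar/2026:10:05:30 +0000] "GET /doc/page/login.asp?auth=notbase64!! HTTP/1.1" 200 5321
"""

# Minimal combined-log parser: source address, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3})'
)


def decode_auth_param(value):
    """Return 'user:password' if value is base64 of a credential pair, else None."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    text = raw.decode("ascii", errors="replace").rstrip("\r\n")
    return text if ":" in text else None


def find_bypass_attempts(log_text):
    """Flag every request whose auth= query parameter decodes to a credential pair."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        for value in parse_qs(parts.query).get("auth", []):
            creds = decode_auth_param(value)
            if creds is None:
                continue
            status = int(m["status"])
            hits.append({
                "src": m["ip"],
                "time": m["ts"],
                "path": parts.path,
                "creds": creds,
                "status": status,
                # A 200 on a path that should require a session means the bypass worked.
                "succeeded": status == 200,
            })
    return hits


def attacker_sources(hits):
    """Distinct source addresses that received a successful bypass response."""
    return sorted({h["src"] for h in hits if h["succeeded"]})


if __name__ == "__main__":
    found = find_bypass_attempts(SAMPLE_LOG)
    for h in found:
        print(f'{h["time"]} {h["src"]} {h["path"]} auth={h["creds"]!r} -> {h["status"]}')
    print("sources:", attacker_sources(found))
```

The check keys on the decoded shape of the parameter rather than on one magic string, so it also catches attempts that use other credential pairs; a 401 or 403 on the same request means the firmware in place already rejects the bypass, which is worth recording separately when confirming that a patch took effect.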

Understanding the Exploitation Risk

Once exploited, attackers can take full control of the affected device, view live video streams, download past recordings, and even manipulate surveillance configurations.

Beyond compromising physical security, attackers can use a compromised camera as a foothold to move laterally within internal networks, turning it into an entry point for broader intrusions.

Although first disclosed in 2017, CVE-2017-7921 has resurfaced as threat actors increasingly target outdated IoT surveillance systems that were never patched.

Hikvision devices, often located on the outer edge of corporate and government networks, present ideal targets for opportunistic attackers seeking privileged access to sensitive environments.

Security researchers have not yet confirmed whether ransomware operators are actively incorporating this vulnerability into their extortion tactics, but the reemergence of CVE-2017-7921 in CISA’s KEV database suggests growing offensive use cases.

In response, CISA has directed all Federal Civilian Executive Branch (FCEB) agencies to remediate the issue no later than March 26, 2026, under Binding Operational Directive (BOD) 22-01.


The directive requires affected federal entities to identify vulnerable products, deploy vendor-supplied patches, and verify that all devices are securely updated.

CISA also strongly urges private-sector organizations, particularly those managing surveillance infrastructure, to act immediately. Recommended defensive actions include:

  • Conducting a full inventory of Hikvision hardware.
  • Applying the latest firmware updates and vendor mitigations.
  • Isolating surveillance systems from core business networks.
  • Disconnecting or replacing unpatchable or unsupported devices.
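The four actions above can be driven from a single inventory pass. The following Python is an added example written for this article, not code from the article, from CISA or from Hikvision: it parses Hikvision-style firmware strings ("V5.4.5 build 170124"), compares each device against a per-model minimum fixed build, and assigns a triage action (patch, isolate, replace, or verify). The FIXED_BUILDS table, the zone names and the inventory are placeholders constructed for the example; the real fixed builds must be taken from the vendor advisory for each model in use.

```python
import re

# Hikvision firmware strings have the form "V5.4.5 build 170124":
# a dotted version followed by a YYMMDD build date.
FW_RE = re.compile(r"V(\d+)\.(\d+)\.(\d+)\s*build\s*(\d{6})", re.IGNORECASE)

# PLACEHOLDER table (assumption): minimum fixed build per model prefix.
# Replace with the values from the vendor advisory for your models.
FIXED_BUILDS = {
    "DS-2CD2": (5, 4, 5, 170124),
    "DS-7608NI": (3, 4, 5, 170126),
}

# Zones treated as segmented from the business network (assumption).
SEGMENTED_ZONES = {"cctv-vlan"}

# Constructed sample inventory, not a real site.
SAMPLE_INVENTORY = [
    {"ip": "10.20.1.11", "model": "DS-2CD2042WD-I", "firmware": "V5.4.0 build 160530",
     "zone": "corporate-lan", "supported": True},
    {"ip": "10.20.1.12", "model": "DS-2CD2042WD-I", "firmware": "V5.4.5 build 170124",
     "zone": "cctv-vlan", "supported": True},
    {"ip": "10.20.1.13", "model": "DS-7608NI-E2", "firmware": "V3.4.2 build 150912",
     "zone": "corporate-lan", "supported": False},
    {"ip": "10.20.1.14", "model": "DS-2CD2T42WD-I5", "firmware": "unknown",
     "zone": "cctv-vlan", "supported": True},
    {"ip": "10.20.1.15", "model": "DS-2DE4220IW-D", "firmware": "V5.4.1 build 160525",
     "zone": "cctv-vlan", "supported": True},
]


def parse_firmware(text):
    """Return (major, minor, patch, build) or None if text is not a firmware version."""
    m = FW_RE.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def fixed_build_for(model):
    """Longest model-prefix match in FIXED_BUILDS, or None when no data is known."""
    matches = [p for p in FIXED_BUILDS if model.upper().startswith(p)]
    return FIXED_BUILDS[max(matches, key=len)] if matches else None


def triage_device(dev):
    """Map one inventory record to the actions the advisory calls for."""
    actions = []
    if not dev["supported"]:
        actions.append("replace")            # vendor no longer ships fixes
    else:
        fw = parse_firmware(dev["firmware"])
        fixed = fixed_build_for(dev["model"])
        if fw is None:
            actions.append("verify-firmware")  # inventory record is unusable
        elif fixed is None:
            actions.append("check-advisory")   # model not in the fixed-build table
        elif fw < fixed:                       # tuple order: version first, build date last
            actions.append("patch")
    if dev["zone"] not in SEGMENTED_ZONES:
        actions.append("isolate")              # still on the business network
    return actions or ["ok"]


def triage(inventory):
    """Return {ip: [actions]} for the whole inventory."""
    return {dev["ip"]: triage_device(dev) for dev in inventory}


if __name__ == "__main__":
    for ip, actions in triage(SAMPLE_INVENTORY).items():
        print(ip, ", ".join(actions))
```

Firmware and build date are compared as one tuple so that a later build of the same dotted version still sorts above the fix; devices whose firmware cannot be parsed or whose model has no entry in the table are surfaced explicitly rather than silently passed as clean.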

Failure to take swift action leaves organizations exposed to potential network compromise, unauthorized surveillance access, and further propagation of cyberattacks within internal systems.

The agency emphasizes that inclusion in the KEV catalog denotes verified evidence of active exploitation, making this vulnerability a top-priority patching item.

Timely remediation remains critical for organizations relying on Hikvision products to maintain both digital and physical security assurance.


The post Multiple Hikvision Product Vulnerabilities Allow Attackers to Escalate Privileges appeared first on Cyber Security News.
