Severe Hikvision HikCentral Product Flaws: What You Need to Know
Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring.
One of the flaws was rated as high severity, and it stands out because it allows an unauthenticated user to escalate privileges and ultimately gain administrative access to the system. When attackers can elevate their privileges without even logging in, they essentially hold the keys to the entire environment. That creates a direct path to manipulating configurations, tampering with logs, or even shutting down critical monitoring functions.
HikCentral serves as the backbone for many organizations’ security infrastructure. Companies rely on it to manage surveillance cameras, control building access, and integrate data from multiple devices into one cohesive platform. An attacker can exploit the privilege escalation flaw to take over these functions. Once an attacker elevates privileges, they can act as an administrator, install malware, create hidden accounts, or exfiltrate sensitive information. Imagine a scenario where an attacker disables cameras during a physical intrusion, unlocks restricted doors, or modifies audit trails to hide evidence. This scenario poses a serious threat to the safety and business continuity of the impacted organizations.
To read the complete article, see: Security Affairs