CISA Adds Critical Hikvision Vulnerability to Exploited Flaws Catalog After Active Attacks
On March 5, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2017-7921, a severe authentication bypass flaw in Hikvision surveillance products, to its Known Exploited Vulnerabilities (KEV) catalog. The move follows confirmation that threat actors are actively exploiting the vulnerability in real-world attacks.
The flaw, classified as CWE-287 (Improper Authentication), affects Hikvision cameras and network video recorders and allows attackers to bypass login requirements entirely. Once the flaw is exploited, attackers gain full administrative control, enabling them to access live and recorded video feeds, extract sensitive operational data, and use compromised devices as a foothold to infiltrate broader corporate networks.
While the vulnerability was initially discovered years ago, its inclusion in the KEV catalog signals a resurgence in active exploitation. Security analysts have not confirmed whether ransomware groups are leveraging the flaw, but its severity has prompted urgent action.
Under Binding Operational Directive (BOD) 22-01, federal agencies must remediate the issue by March 26, 2026. CISA has also urged private-sector organizations to prioritize patching, recommending immediate firmware updates, network isolation of surveillance systems, and, if patching is impossible, permanent disconnection of vulnerable devices.
The flaw’s exploitation underscores the risks posed by unpatched edge devices, particularly in critical infrastructure and enterprise environments.
Source: https://gbhackers.com/hikvision-multiple-product-vulnerability/
{
  "id": "HIK1773044701",
  "linkid": "hikvision",
  "type": "Vulnerability",
  "date": "3/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{
  'affected_entities': [
    {
      'customers_affected': 'Federal agencies, private-sector organizations, critical infrastructure, enterprise environments',
      'industry': 'Surveillance Technology',
      'name': 'Hikvision',
      'type': 'Company'
    }
  ],
  'attack_vector': 'Authentication Bypass',
  'data_breach': {
    'sensitivity_of_data': 'High (surveillance data, potential corporate network access)',
    'type_of_data_compromised': 'Video feeds, operational data'
  },
  'date_detected': '2026-03-05',
  'description': 'CISA added CVE-2017-7921, a severe authentication bypass flaw in Hikvision surveillance products, to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation. The flaw allows attackers to bypass login requirements and gain full administrative control over affected devices, enabling access to live/recorded video feeds, sensitive data extraction, and network infiltration.',
  'impact': {
    'data_compromised': 'Live and recorded video feeds, sensitive operational data',
    'operational_impact': 'Full administrative control of devices, potential network infiltration',
    'systems_affected': 'Hikvision cameras and network video recorders'
  },
  'investigation_status': 'Active exploitation confirmed, ongoing analysis',
  'lessons_learned': 'Risks posed by unpatched edge devices, particularly in critical infrastructure and enterprise environments',
  'post_incident_analysis': {
    'corrective_actions': 'Firmware updates, network isolation, device disconnection if necessary',
    'root_causes': 'Unpatched vulnerability (CVE-2017-7921), improper authentication mechanism'
  },
  'recommendations': 'Prioritize patching, apply firmware updates, isolate vulnerable systems, disconnect devices if patching is impossible',
  'references': [
    {
      'date_accessed': '2026-03-05',
      'source': 'CISA Known Exploited Vulnerabilities Catalog'
    }
  ],
  'regulatory_compliance': {
    'regulatory_notifications': 'Binding Operational Directive (BOD 22-01) for federal agencies'
  },
  'response': {
    'containment_measures': 'Network isolation of surveillance systems, permanent disconnection of vulnerable devices if patching is impossible',
    'remediation_measures': 'Immediate firmware updates'
  },
  'stakeholder_advisories': 'Federal agencies must remediate by March 26, 2026; private-sector organizations urged to prioritize patching',
  'title': 'CISA Adds Critical Hikvision Vulnerability to Exploited Flaws Catalog After Active Attacks',
  'type': 'Vulnerability Exploitation',
  'vulnerability_exploited': 'CVE-2017-7921 (CWE-287: Improper Authentication)'
}