Unplug and update your Hikvision security cameras and NVRs now

In an unprecedented security alert, over 100 million Hikvision devices, encompassing security cameras and Network Video Recorders (NVRs), have been identified as harbouring the “highest level of critical vulnerability.” For owners of Hikvision equipment with internet access, the directive is clear and urgent: disconnect these devices from your network and promptly apply a firmware update to safeguard your privacy.

Internet Access: A Gateway for Intruders

Hikvision's security cameras have gained traction for their affordability and compatibility with Real Time Streaming Protocol (RTSP), facilitating smooth integration with Home Assistant and NVR applications like Blue Iris and Frigate. Many users, understanding the inherent security risks, wisely segregate these devices on a dedicated VLAN, effectively barring internet access. Yet, a significant portion of users, perhaps unaware of these precautions, remain exposed to potential privacy breaches.

Unravelling the Severity of the Hikvision Security Flaw

The discovered security flaw in Hikvision devices is alarmingly severe, eclipsing past vulnerabilities seen in other security camera systems, including eufy. According to Hikvision, this vulnerability allows unauthorized access to your security devices without needing a username or password, bypassing any form of logging that could alert the owner.

“Only access to the http(s) server port (typically 80/443) is needed. No username or password needed, nor any actions need to be initiated by camera owner. It will not be detectable by any logging on the camera itself,” a Hikvision spokesperson explained.

Credit for uncovering this critical flaw goes to Watchful_IP, a security researcher specializing in ARM-based IoT systems. Their discovery prompted Hikvision to swiftly release firmware updates to mitigate the issue.

Reassessing Hikvision's Position in Your Security Setup

The background of Hikvision, officially Hangzhou Hikvision Digital Technology Co., Ltd., owned by the Chinese government, raises significant ethical and security concerns. The company has faced sanctions from the U.S. government and scrutiny over its equipment's use in monitoring activities in Xinjiang.

It has been reported that Hikvision supplies “thousands of cameras that monitor mosques, schools, and concentration camps in Xinjiang”. The European Union has banned any Hikvision products from being used on any of the parliament's premises, due to the unacceptable risk that the manufacturer is “contributing to serious human rights abuses”. Furthermore, in June 2021, South Korea banned their products for one year, and the Indian Navy has destroyed and replaced its existing Hikvision security cameras.

IPVM.com, which reported on the current security vulnerability, has long been critical of Hikvision. They claim that the Chinese Central Government created and controls the company. They also conclude that Hikvision is all too keen to obscure that fact. The choice of whether to buy their products is yours, but keep these few paragraphs in the back of your mind when you do so.

Conclusion

This urgent call to action for Hikvision device owners underscores the importance of staying vigilant and proactive in securing digital and physical assets. By updating your Hikvision devices promptly and reevaluating their place in your security setup, you can better protect your privacy and align your choices with broader ethical considerations.

About Liam Alexander Colman

Liam Alexander Colman is an experienced Home Assistant user who has been utilizing the platform for a variety of projects over an extended period. His journey began with a Raspberry Pi, which quickly grew to three Raspberry Pis and eventually a full-fledged server. Liam's current operating system of choice is Unraid, with Home Assistant comfortably running in a Docker container.
With a deep understanding of the intricacies of Home Assistant, Liam has an impressive setup, consisting of various Zigbee devices, and seamless integrations with existing products such as his Android TV box. For those interested in learning more about Liam's experience with Home Assistant, he shares his insights on how he first started using the platform and his subsequent journey.