Hikvision has released information about a vulnerability found in many of their IP cameras, NVRs and IP camera kits. This is a "command injection vulnerability" in the built-in web server of these products. An attacker with access to the web interface could send malicious commands that could compromise these devices. This has been documented with CVE ID: CVE-2021-36260.
All Hikvision IP camera and NVR owners, users and installers are strongly advised to check whether their model is impacted and to update its firmware to a patched version. In particular, affected models that have ports forwarded from the Internet would be the most vulnerable, because port forwarding exposes the device directly to remote Internet access.
For models that support P2P remote access, we strongly advise against using port forwarding for remote access, as port forwarding directly exposes devices to the Internet. P2P instead allows the NVR or camera to "push" access through a cloud service without exposing ports.
Please read the Hikvision security release found here:
Note: Updating firmware incorrectly on ANY electronic device can "brick" the device, rendering it inoperative. The manufacturer may not cover this under warranty (this is their sole determination). It's important to ensure that you completely understand and carefully follow the instructions when performing a firmware update. That includes, but is not limited to, ensuring that you are applying the correct firmware update, that power to the product is not lost, and that the product is not disconnected while the update is in progress.
(We have also attached the guide to this article.)