IP cameras from manufacturer Hikvision can be remotely taken over through a serious security vulnerability, after which the underlying network can be attacked. Hikvision has released firmware updates. In addition, the vulnerability is also present in IP cameras that Hikvision manufactures but that other manufacturers offer under their own name. It is unknown if updates are available for these cameras. The vulnerability is present in the web server of the IP cameras and is caused by insufficient control of the input. By sending specially crafted messages it is possible for an unauthenticated attacker to get an unrestricted root shell. This gives the attacker further access than the user himself, who only has access to a “protected shell”. The only condition to carry out the attack is that an attacker has access to the IP camera. No password or user interaction is required. The attacker has full control over the IP camera via the root shell and can thus watch.