A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
https://securityaffairs.com/159197/cyber-crime/feds-dismantled-moobot-botnet.html
https://therecord.media/experts-warn-of-widespread-exploitation-involving-hikvision-cameras/