CVE-2021-36260CISA KEV: Actively Exploited

Hikvision Improper Input Validation

Published Jan 10, 2022·Updated Jan 10, 2022

Description

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

Public Exploits & PoCs11 found

PoC: CVE-2021-36260

command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

165

PoC: HikvisionExploiter

HikvisionExploiter is a Python-based utility designed to automate exploitation and directory accessibility checks on Hikvision network cameras exploiting the Web interface Version 3.1.3.150324 + CVE-2021-36260 Detection

89

PoC: CVE-2021-36260-metasploit

the metasploit script(POC) about CVE-2021-36260

14

PoC: CVE-2021-36260

CVE-2021-36260

14

PoC: CheckHKRCE

CVE-2021-36260

1

PoC: HikvisionExploiter_fixed

HikvisionExploiter - это Python утилита созданная для автоматизации сканирования и проверки прямого доступа к сети камер Hikvision, нацеленная на поиск уязвимости Web interface версии 3.1.3.150324 + CVE-2021-36260

PoC: hikvision-unauthenticated-rce-cve-2021-36260

海康威视RCE漏洞 批量检测和利用工具

PoC: hikvision_brute

Brute Hikvision CAMS with CVE-2021-36260 Exploit

PoC: hikvision_brute-jnrxx

Brute Hikvision CAMS with CVE-2021-36260 Exploit

PoC: hikvision_brute

Brute Hikvision CAMS with CVE-2021-36260 Exploit

PoC: CVE-2021-36260

海康威视RCE漏洞 批量检测和利用工具

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free