Many Hikvision IP cameras contain improper authentication logic which allows unauthenticated impersonation of any configured user account. The vulnerability has been present in Hikvision products since 2014. In addition to Hikvision-branded devices, it affects many white-labeled camera products sold under a variety of brand names. Hundreds of thousands of vulnerable devices are still exposed to the Internet at the time of publishing (shodan search: "App-webs" "200 OK"). Some of these devices can never be patched due to to the vendor preventing users from upgrading the installed firmware on the affected device. This Metasploit module utilizes the bug in the authentication logic to perform an unauthenticated password change of any user account on a vulnerable Hikvision IP Camera. This can then be utilized to gain full administrative access to the affected device.
579537dec2e2ec193453c142354be2f4c39a365281bec393b39c7a7710d9562e
Many Hikvision IP cameras have improper authorization logic that allows unauthenticated information disclosure of camera information, such as detailed hardware and software configuration, user credentials, and camera snapshots. The vulnerability has been present in Hikvision products since 2014. In addition to Hikvision-branded devices, it affects many white-labeled camera products sold under a variety of brand names. Hundreds of thousands of vulnerable devices are still exposed to the Internet at the time of publishing (shodan search: "App-webs" "200 OK"). This Metasploit module allows the attacker to retrieve this information without any authentication. The information is stored in loot for future use.
1f5499387f298a518796e9593bfec804a68336af819f18d7706d318ae52db4d8