Hikvision Hybrid SAN Ds-a71024 firmware suffers from a remote blind SQL injection vulnerability.
9004daadddb908c449ed0c8cd1fe390b2183ffaa2fea3b3933f83d62aba1e09c
Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.
9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10