what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed


Hikvision IP Camera Backdoor
Posted Mar 16, 2022
Authored by Sobhan Mahmoodi

Hikvision IP Camera has a backdoor where a magic string allows instant access regardless of authentication.

tags | exploit
SHA-256 | 5f6dfb93637a2bf560169ca8d350af523d2b8bf97671349af8d90046510d15a5

Related Files

Hikvision Remote Code Execution / XSS / SQL Injection
Posted Jan 31, 2023
Authored by Thurein Soe

Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.

tags | advisory, remote, arbitrary, vulnerability, code execution, xss, sql injection, ruby
advisories | CVE-2022-28171, CVE-2022-28172
SHA-256 | 9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10
Hikvision IP Camera Unauthenticated Command Injection
Posted Feb 28, 2022
Authored by bashis, jbaines-r7, Watchful_IP | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras (CVE-2021-36260). The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module specifically attempts to exploit the blind variant of the attack. The module was successfully tested against an HWI-B120-D/W using firmware V5.5.101 build 200408. It was also tested against an unaffected DS-2CD2142FWD-I using firmware V5.5.0 build 170725. Please see the Hikvision advisory for a full list of affected products.

tags | exploit, web, root
advisories | CVE-2021-36260
SHA-256 | 7bd3dd72f17285cba701691f5d8795c84e79f211db3e6ea8a840141f658935a5
Hikvision Web Server Build 210702 Command Injection
Posted Oct 25, 2021
Authored by bashis

Hikvision Web Server Build 210702 suffers from a command injection vulnerability.

tags | exploit, web
advisories | CVE-2021-36260
SHA-256 | 6f3b4e5a9c425280adc8f7457f3b39a4875de53beec44c5e9cbfa151788ff314
Hikvision IP Camera 5.3.9 Access Control Bypass
Posted Mar 26, 2018
Authored by Matamorphosis

Hikvision IP Camera versions 5.2.0 through 5.3.9 (builds 140721 up until 170109) suffer from an access control bypass vulnerability.

tags | exploit, bypass
SHA-256 | 7af92b119967a688ba007849fccd93f43c5fcb2a0a609765db006f3999450a9f
HikVision Wi-Fi IP Camera Wireless Access Point State
Posted Nov 28, 2017
Authored by IOT Sec

HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no WiFi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired ethernet, then the WiFi settings won't be adjusted, and a rogue AP with the SSID "davinci" can be associated to the camera to provide a new attack vector via WiFi to a wired network camera. Tested on firmware versions 5.3.0, 5.4.0, and 5.4.5 and model number DS-2CD2432F-IW.

tags | exploit
advisories | CVE-2017-14953
SHA-256 | f5308846195618c1d90deb701b32687a1044057024da5ebb8faa201a03647d06
Hikvision IP Camera Access Bypass
Posted Sep 12, 2017
Authored by Monte Crypto

Hikvision IP Cameras suffers from multiple access bypass vulnerabilities.

tags | exploit, vulnerability, bypass
SHA-256 | cabfbe910089852487e71438083c32d73028cf30f8bde18c0de76568a7647b30
Hikvision DS-7108HWI-SH XML Injection / Abuse Issues
Posted May 21, 2015
Authored by MustLive

Hikvision DS-7108HWI-SH suffers from XML injection and abuse control vulnerabilities.

tags | exploit, vulnerability, xxe
SHA-256 | d1bb4634146fdef0c8b2ec9946f0fa8374acbf0fa0d2991358c04ebba364be68
Hikvision DS-2CD2012-I XML Injection / Abuse Issues
Posted May 15, 2015
Authored by MustLive

Hikvision DS-2CD2012-I suffers from XML injection and abuse control vulnerabilities.

tags | exploit, vulnerability, xxe
SHA-256 | 1c2e78e7ec0327818de05824e547cf8af2af3fb0717a7ae08f9503728cc5fa9f
Hikvision DS-7204HWI-SH Brute Force
Posted Mar 1, 2015
Authored by MustLive

Hikvision DS-7204HWI-SH suffers from abuse of functionality and brute force vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 46a44e8b3bbd205d125500849fbb79671f633e32429ba836a0be68ee55f0de16
Hikvision DVR RTSP Request Remote Code Execution
Posted Nov 20, 2014
Authored by Mark Schloesser | Site metasploit.com

This Metasploit module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware versions but due to the available test device this module only supports the DS-7204 model.

tags | exploit, remote, overflow
advisories | CVE-2014-4880
SHA-256 | 6b2b9a85fb38d16071b6b342c045ffee4f7eec319cde44c45f5692a33a084002
Hikvision IP Cameras Overflow / Bypass / Privilege Escalation
Posted Aug 7, 2013
Authored by Alberto Solino, Core Security Technologies, Anibal Sacco, Alejandro Rodriguez | Site coresecurity.com

Core Security Technologies Advisory - Hikvision IP Cameras suffer from buffer overflow, authentication bypass, hard-coded credential, and privilege escalation vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2013-4975, CVE-2013-4976, CVE-2013-4977
SHA-256 | a4a4535ab067aafda1e020840c583034d91d05f5ea87d44f5643945fba43b443
Page 1 of 1

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By