Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross-site scripting, Ruby code injection, and classic and blind SQL injection resulting in remote code execution, which allow an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage these vulnerabilities to execute arbitrary commands.
9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10
Hikvision IP Camera has a backdoor where a magic string allows instant access regardless of authentication.
5f6dfb93637a2bf560169ca8d350af523d2b8bf97671349af8d90046510d15a5
This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras (CVE-2021-36260). The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module specifically attempts to exploit the blind variant of the attack. The module was successfully tested against an HWI-B120-D/W using firmware V5.5.101 build 200408. It was also tested against an unaffected DS-2CD2142FWD-I using firmware V5.5.0 build 170725. Please see the Hikvision advisory for a full list of affected products.
7bd3dd72f17285cba701691f5d8795c84e79f211db3e6ea8a840141f658935a5
Hikvision Web Server Build 210702 suffers from a command injection vulnerability.
6f3b4e5a9c425280adc8f7457f3b39a4875de53beec44c5e9cbfa151788ff314
Hikvision IP Camera versions 5.2.0 through 5.3.9 (builds 140721 up until 170109) suffer from an access control bypass vulnerability.
7af92b119967a688ba007849fccd93f43c5fcb2a0a609765db006f3999450a9f
Hikvision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no Wi-Fi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired Ethernet, then the Wi-Fi settings won't be adjusted, and a rogue AP with the SSID "davinci" can be associated to the camera to provide a new attack vector via Wi-Fi to a wired network camera. Tested on firmware versions 5.3.0, 5.4.0, and 5.4.5 and model number DS-2CD2432F-IW.
f5308846195618c1d90deb701b32687a1044057024da5ebb8faa201a03647d06
Hikvision IP Cameras suffer from multiple access bypass vulnerabilities.
cabfbe910089852487e71438083c32d73028cf30f8bde18c0de76568a7647b30
Hikvision DS-7108HWI-SH suffers from XML injection and abuse control vulnerabilities.
d1bb4634146fdef0c8b2ec9946f0fa8374acbf0fa0d2991358c04ebba364be68
Hikvision DS-2CD2012-I suffers from XML injection and abuse control vulnerabilities.
1c2e78e7ec0327818de05824e547cf8af2af3fb0717a7ae08f9503728cc5fa9f
Hikvision DS-7204HWI-SH suffers from abuse of functionality and brute force vulnerabilities.
46a44e8b3bbd205d125500849fbb79671f633e32429ba836a0be68ee55f0de16
This Metasploit module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware versions but, due to the available test device, this module only supports the DS-7204 model.
6b2b9a85fb38d16071b6b342c045ffee4f7eec319cde44c45f5692a33a084002