exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files

Hikvision Remote Code Execution / XSS / SQL Injection
Posted Jan 31, 2023
Authored by Thurein Soe

Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.

tags | advisory, remote, arbitrary, vulnerability, code execution, xss, sql injection, ruby
advisories | CVE-2022-28171, CVE-2022-28172
SHA-256 | 9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10

Related Files

Hikvision IP Camera Backdoor
Posted Mar 16, 2022
Authored by Sobhan Mahmoodi

Hikvision IP Camera has a backdoor where a magic string allows instant access regardless of authentication.

tags | exploit
SHA-256 | 5f6dfb93637a2bf560169ca8d350af523d2b8bf97671349af8d90046510d15a5
Hikvision IP Camera Unauthenticated Command Injection
Posted Feb 28, 2022
Authored by bashis, jbaines-r7, Watchful_IP | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras (CVE-2021-36260). The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module specifically attempts to exploit the blind variant of the attack. The module was successfully tested against an HWI-B120-D/W using firmware V5.5.101 build 200408. It was also tested against an unaffected DS-2CD2142FWD-I using firmware V5.5.0 build 170725. Please see the Hikvision advisory for a full list of affected products.

tags | exploit, web, root
advisories | CVE-2021-36260
SHA-256 | 7bd3dd72f17285cba701691f5d8795c84e79f211db3e6ea8a840141f658935a5
Hikvision Web Server Build 210702 Command Injection
Posted Oct 25, 2021
Authored by bashis

Hikvision Web Server Build 210702 suffers from a command injection vulnerability.

tags | exploit, web
advisories | CVE-2021-36260
SHA-256 | 6f3b4e5a9c425280adc8f7457f3b39a4875de53beec44c5e9cbfa151788ff314
Hikvision IP Camera 5.3.9 Access Control Bypass
Posted Mar 26, 2018
Authored by Matamorphosis

Hikvision IP Camera versions 5.2.0 through 5.3.9 (builds 140721 up until 170109) suffer from an access control bypass vulnerability.

tags | exploit, bypass
SHA-256 | 7af92b119967a688ba007849fccd93f43c5fcb2a0a609765db006f3999450a9f
HikVision Wi-Fi IP Camera Wireless Access Point State
Posted Nov 28, 2017
Authored by IOT Sec

HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no WiFi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired ethernet, then the WiFi settings won't be adjusted, and a rogue AP with the SSID "davinci" can be associated to the camera to provide a new attack vector via WiFi to a wired network camera. Tested on firmware versions 5.3.0, 5.4.0, and 5.4.5 and model number DS-2CD2432F-IW.

tags | exploit
advisories | CVE-2017-14953
SHA-256 | f5308846195618c1d90deb701b32687a1044057024da5ebb8faa201a03647d06
Hikvision IP Camera Access Bypass
Posted Sep 12, 2017
Authored by Monte Crypto

Hikvision IP Cameras suffers from multiple access bypass vulnerabilities.

tags | exploit, vulnerability, bypass
SHA-256 | cabfbe910089852487e71438083c32d73028cf30f8bde18c0de76568a7647b30
Hikvision DS-7108HWI-SH XML Injection / Abuse Issues
Posted May 21, 2015
Authored by MustLive

Hikvision DS-7108HWI-SH suffers from XML injection and abuse control vulnerabilities.

tags | exploit, vulnerability, xxe
SHA-256 | d1bb4634146fdef0c8b2ec9946f0fa8374acbf0fa0d2991358c04ebba364be68
Hikvision DS-2CD2012-I XML Injection / Abuse Issues
Posted May 15, 2015
Authored by MustLive

Hikvision DS-2CD2012-I suffers from XML injection and abuse control vulnerabilities.

tags | exploit, vulnerability, xxe
SHA-256 | 1c2e78e7ec0327818de05824e547cf8af2af3fb0717a7ae08f9503728cc5fa9f
Hikvision DS-7204HWI-SH Brute Force
Posted Mar 1, 2015
Authored by MustLive

Hikvision DS-7204HWI-SH suffers from abuse of functionality and brute force vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 46a44e8b3bbd205d125500849fbb79671f633e32429ba836a0be68ee55f0de16
Hikvision DVR RTSP Request Remote Code Execution
Posted Nov 20, 2014
Authored by Mark Schloesser | Site metasploit.com

This Metasploit module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware versions but due to the available test device this module only supports the DS-7204 model.

tags | exploit, remote, overflow
advisories | CVE-2014-4880
SHA-256 | 6b2b9a85fb38d16071b6b342c045ffee4f7eec319cde44c45f5692a33a084002
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close