CVE-2021-36260 – Hikvision / Multiple – Command Injection

November 5, 2021

CVE-2021-36260 is a command injection vulnerability impacting multiple Hikvision products. An exploit was observed in open source and a link to an exploit was shared in the underground.

Summary:

CVE-2021-36260 is a command injection vulnerability impacting multiple Hikvision products. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

Packet Storm exploit –
https://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html

Known Counter Measures:

Hikvision addressed the vulnerability in security notification with updated versions.

Links to patches(if available)

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/security-notification-command-injection-vulnerability-in-some-hikvision-products/

You may have missed

image

[MEOW] – Ransomware Victim: Zyloware

November 14, 2024
image

[MEOW] – Ransomware Victim: Cottles Asphalt Maintenance Inc

November 14, 2024
image

[MEOW] – Ransomware Victim: Karl Malone Toyota

November 14, 2024
image

[MEOW] – Ransomware Victim: Pine Belt Cars

November 14, 2024
image

[MEOW] – Ransomware Victim: J[.]S[.]T[.] Espana

November 14, 2024