CVE-2021-36260 – Hikvision / Multiple – Command Injection
CVE-2021-36260 is a command injection vulnerability impacting multiple Hikvision products. An exploit was observed in open source and a link to an exploit was shared in the underground.
Summary:
CVE-2021-36260 is a command injection vulnerability impacting multiple Hikvision products. An exploit was observed in open source and a link to an exploit was shared in the underground.
PoC Links(if available):
Packet Storm exploit –
https://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html
Known Counter Measures:
Hikvision addressed the vulnerability in security notification with updated versions.
Links to patches(if available)
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/security-notification-command-injection-vulnerability-in-some-hikvision-products/