CVE-2021-36260 – Hikvision / Multiple – Command Injection

Summary:

CVE-2021-36260 is a command injection vulnerability impacting multiple Hikvision products. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links (if available):

Packet Storm exploit –
https://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html

Known Counter Measures:

Hikvision addressed the vulnerability with updated versions, announced in a security notification.

Links to patches (if available):

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/security-notification-command-injection-vulnerability-in-some-hikvision-products/