CVE-2021-36260 – Hikvision / Multiple – Command Injection

November 5, 2021

CVE-2021-36260 is a command injection vulnerability impacting multiple Hikvision products. An exploit was observed in open source and a link to an exploit was shared in the underground.

Summary:

CVE-2021-36260 is a command injection vulnerability impacting multiple Hikvision products. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

Packet Storm exploit –
https://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html

Known Counter Measures:

Hikvision addressed the vulnerability in security notification with updated versions.

Links to patches(if available)

https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/security-notification-command-injection-vulnerability-in-some-hikvision-products/

You may have missed

CISA Logo

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

November 22, 2024
image

[RANSOMHUB] – Ransomware Victim: blr[.]com

November 22, 2024
hackerone

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

November 22, 2024
image

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

November 22, 2024
image

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

November 22, 2024