
CVE-2021-36260

Description

A command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending messages with malicious commands.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-36260
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-36260
rabbitsafe

CVE-2021-36260

Reference: GitHub

Aiminsun

Command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending messages with malicious commands.

Reference: GitHub

TaroballzChen

The Metasploit script (PoC) for CVE-2021-36260

Reference: GitHub

tuntin9x

CVE-2021-36260

Reference: GitHub

Cuerz

Hikvision RCE vulnerability: batch detection and exploitation tool

Reference: GitHub

TakenoSite

Reference: GitHub

r3t4k3r

Brute Hikvision CAMS with CVE-2021-36260 Exploit

Reference: GitHub

haingn

Reference: GitHub

Content on GitHub

jorhelp | watchers:1404

Ingram
Webcam vulnerability scanning tool

Reference: GitHub