CVE-2021-36260
Description
A command injection vulnerability exists in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending messages with malicious commands.
Severity: CRITICAL
CVE ID: CVE-2021-36260
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-36260
Reference: Project Discovery GitHub
rabbitsafe
CVE-2021-36260
Reference: GitHub
Aiminsun
Command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending messages with malicious commands.
Reference: GitHub
TaroballzChen
The Metasploit script (PoC) for CVE-2021-36260
Reference: GitHub
tuntin9x
CVE-2021-36260
Reference: GitHub
Cuerz
Hikvision RCE vulnerability: batch detection and exploitation tool
Reference: GitHub
TakenoSite
Reference: GitHub
r3t4k3r
Brute Hikvision CAMS with CVE-2021-36260 Exploit
Reference: GitHub
haingn
Reference: GitHub
Content on GitHub
jorhelp | watchers:1404
Ingram
Webcam vulnerability scanning tool
Reference: GitHub