CVE-2021-36260

Description from NVD

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Information Acquisition Date: 2022-08-25T14:42Z
CVSS 2.0: 9.3 HIGH, CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

NVD References

 https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
     source:MISC
     tags:Vendor Advisory    
 http://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/166167/Hikvision-IP-Camera-Unauthenticated-Command-Injection.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 https://www.cyfirma.com/wp-content/uploads/2022/08/HikvisionSurveillanceCamerasVulnerabilities.pdf
     source:MISC
     tags:
 https://therecord.media/experts-warn-of-widespread-exploitation-involving-hikvision-cameras/
     source:MISC
     tags:

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Information    Exploits or more Information
mitre              EXPLOIT DATABASE
NVD                0day.today
vulmon.com         github
CVE Details        Twitter
JVN ENG JPN
Reconshell

List of frequently cited URLs

URL    Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...    194
https://www.reddit.com/r/netsec/comments/sxcfja/analysis_of...    59
https://cvetrends.com    49
http://twinybots.ch    42
https://lists.astaro.com/ASGV9-IPS-rules.html#0    29
https://us-cert.cisa.gov/ncas/current-activity/2021/09/28/r...    13
https://www.bleepingcomputer.com/news/security/over-80-000-...    5
https://github.com/Aiminsun/CVE-2021-36260    4
https://securityaffairs.co/wordpress/122474/hacking/hikvisi...    4
https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera...    4
https://bit.ly/3orzhxp    3
https://youtu.be/EIq1hUbWcyA    3
https://twitter.com/campuscodi/status/1440157838689517575    3
https://gbhackers.com/mirai-based-botnet-moobot-exploit-hik...    3
https://attackerkb.com/topics/mb8q72U2LT/cve-2021-36260/rap...    3
https://www.hikvision.com/en/support/cybersecurity/security...    3

Information from Twitter

User URL Info Source Date
sicehice https://twitter.com/sicehice/status/1636055461899259904/pho... Source sicehice         1636055461899259904 2023/03/16

GitHub Search Results: Up to 10
Name URL
Aiminsun/CVE-2021-36260 https://github.com/Aiminsun/CVE-2021-36260
rabbitsafe/CVE-2021-36260 https://github.com/rabbitsafe/CVE-2021-36260
TaroballzChen/CVE-2021-36260-metasploit https://github.com/TaroballzChen/CVE-2021-36260-metasploit
tuntin9x/CheckHKRCE https://github.com/tuntin9x/CheckHKRCE

2023/03/16 Score : 0
Added Har-sia Database : 2021/09/21
Last Modified : 2023/03/16
Highest Scored Date : 2021/09/23
Highest Score : 44