Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_HIKVISION_CVE-2021-36260.NASL
HistoryJul 22, 2024 - 12:00 a.m.

Hikvision Multiple Products Command Injection (CVE-2021-36260)

2024-07-2200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
hikvision
command injection
vulnerability
cve-2021-36260
tenable ot scanner

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

JSON

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502303);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/22");

  script_cve_id("CVE-2021-36260");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/01/24");

  script_name(english:"Hikvision Multiple Products Command Injection (CVE-2021-36260)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A command injection vulnerability in the web server of some Hikvision
product. Due to the insufficient input validation, attacker can
exploit the vulnerability to launch a command injection attack by
sending some messages with malicious commands.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/security-notification-command-injection-vulnerability-in-some-hikvision-products/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fdaf1c58");
  # http://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?946d8cfc");
  # http://packetstormsecurity.com/files/166167/Hikvision-IP-Camera-Unauthenticated-Command-Injection.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b59bc082");
  # https://www.cyfirma.com/wp-content/uploads/2022/08/HikvisionSurveillanceCamerasVulnerabilities.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d42142cf");
  # https://therecord.media/experts-warn-of-widespread-exploitation-involving-hikvision-cameras/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2e8d8826");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-36260");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Hikvision IP Camera Unauthenticated Command Injection');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/07/22");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cvx1_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cvx6_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd1x1_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd1x23g0e%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd1x43%28b%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd1x43%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd1x43g0e_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd1x53%28b%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd1x53%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd1x7g0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x6g2_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x6g2%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x7g2_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x7g2%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x21g0%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x21g1%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x3g2_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd3x6g2_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd3x6g2%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd3x7g2_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd3x7g2%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd3x7g0e_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd3x21g0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd3x21g0%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd3x51g0%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd3x3g2_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd4x0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd4x6_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2xe62x2f%28d%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2xc66x5g0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2xe64x2f%28b%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd8cx6g0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2dyhx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2dy9x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2df5x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2df6x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2df6x-cx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2df7x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2df8x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2df9x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2tbx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-bx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2tdxb_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2td1x-x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2td2x-x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2td41x-x%2fwx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2td62x-x%2fwx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2td81x-x%2fwx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2td4x-x%2fv2_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2td62x-x%2fv2_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2td81x-x%2fv2_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-76xni-k1x%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-76xni-qx%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-hilooki-nvr-1xmhx-c%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-hilooki-nvr-2xmhx-c%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-hiwatchi-hwn-41xmhx%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-hiwatchi-hwn-42xmhx%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-71xni-q1x%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-hilooki-nvr-1xmhx-d%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-hilooki-nvr-1xhx-d%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-hiwatchi-hwn-21xmhx%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-hiwatchi-hwn-21xhx%28c%29_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd1x23g0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x1g0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x1g1_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x27g1_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd2x27g3e_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd4x6fwd_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2cd4x5g0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2xe6x5g0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2xe6x2f_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2xm6x2fwd_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2xm6x2g0_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ipc-x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2ptx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ids-2ptx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2se7x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ids-2pt9x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ids-2sk7x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ids-2sk8x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ids-2sr8x_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ids-2vsx_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ds-2dex_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ids-2dex_series");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ids-2xm6810");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:hikvision:ids-2cd6810");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Hikvision");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Hikvision');

var asset = tenable_ot::assets::get(vendor:'Hikvision');

var vuln_cpes = {
    "cpe:/o:hikvision:ds-2cvx1_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cvx6_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd1x1_series" :
        {"family" : "HikvisionIPCamerasWiFiSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd1x23g0e%28c%29_series" :
        {"family" : "HikvisionIPCamerasWiFiSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd1x43%28b%29_series" :
        {"family" : "HikvisionIPCamerasWiFiSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd1x43%28c%29_series" :
        {"family" : "HikvisionIPCamerasWiFiSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd1x43g0e_series" :
        {"family" : "HikvisionIPCamerasWiFiSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd1x53%28b%29_series" :
        {"family" : "HikvisionIPCamerasWiFiSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd1x53%28c%29_series" :
        {"family" : "HikvisionIPCamerasWiFiSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd1x7g0_series" :
        {"family" : "HikvisionIPCamerasWiFiSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd2x6g2_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd2x6g2%28c%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd2x7g2_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd2x7g2%28c%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd2x21g0%28c%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd2x21g1%28c%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd2x3g2_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd3x6g2_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd3x6g2%28c%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd3x7g2_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd3x7g2%28c%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd3x7g0e_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd3x21g0_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd3x21g0%28c%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd3x51g0%28c%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd3x3g2_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd4x0_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd4x6_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2xe62x2f%28d%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2xc66x5g0_series" :
        {"family" : "HikvisionIPCamerasAntiCorrosionSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2xe64x2f%28b%29_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2cd8cx6g0_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2dyhx_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2dy9x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2df5x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2df6x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2df6x-cx_series" :
        {"family" : "HikvisionIPCamerasUltraSeries", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2df7x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2df8x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2df9x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2tbx_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-bx_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-2tdxb_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-2td1x-x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-2td2x-x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-2td41x-x%2fwx_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-2td62x-x%2fwx_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-2td81x-x%2fwx_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-2td4x-x%2fv2_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-2td62x-x%2fv2_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-2td81x-x%2fv2_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210702"},
    "cpe:/o:hikvision:ds-76xni-k1x%28c%29_series" :
        {"family" : "HikvisionVideoRecordersProSeries", "versionStartIncluding" : "v4.30.210_build201224", "versionEndIncluding" : "v4.31.000_build210511"},
    "cpe:/o:hikvision:ds-76xni-qx%28c%29_series" :
        {"family" : "HikvisionVideoRecordersProSeries", "versionStartIncluding" : "v4.30.210_build201224", "versionEndIncluding" : "v4.31.000_build210511"},
    "cpe:/o:hikvision:ds-hilooki-nvr-1xmhx-c%28c%29_series" :
        {"family" : "Hikvision", "versionStartIncluding" : "v4.30.210_build201224", "versionEndIncluding" : "v4.31.000_build210511"},
    "cpe:/o:hikvision:ds-hilooki-nvr-2xmhx-c%28c%29_series" :
        {"family" : "Hikvision", "versionStartIncluding" : "v4.30.210_build201224", "versionEndIncluding" : "v4.31.000_build210511"},
    "cpe:/o:hikvision:ds-hiwatchi-hwn-41xmhx%28c%29_series" :
        {"family" : "Hikvision", "versionStartIncluding" : "v4.30.210_build201224", "versionEndIncluding" : "v4.31.000_build210511"},
    "cpe:/o:hikvision:ds-hiwatchi-hwn-42xmhx%28c%29_series" :
        {"family" : "Hikvision", "versionStartIncluding" : "v4.30.210_build201224", "versionEndIncluding" : "v4.31.000_build210511"},
    "cpe:/o:hikvision:ds-71xni-q1x%28c%29_series" :
        {"family" : "HikvisionVideoRecordersValueSeries", "versionStartIncluding" : "v4.30.300_build210221", "versionEndIncluding" : "v4.31.100_build210511"},
    "cpe:/o:hikvision:ds-hilooki-nvr-1xmhx-d%28c%29_series" :
        {"family" : "Hikvision", "versionStartIncluding" : "v4.30.300_build210221", "versionEndIncluding" : "v4.31.100_build210511"},
    "cpe:/o:hikvision:ds-hilooki-nvr-1xhx-d%28c%29_series" :
        {"family" : "Hikvision", "versionStartIncluding" : "v4.30.300_build210221", "versionEndIncluding" : "v4.31.100_build210511"},
    "cpe:/o:hikvision:ds-hiwatchi-hwn-21xmhx%28c%29_series" :
        {"family" : "Hikvision", "versionStartIncluding" : "v4.30.300_build210221", "versionEndIncluding" : "v4.31.100_build210511"},
    "cpe:/o:hikvision:ds-hiwatchi-hwn-21xhx%28c%29_series" :
        {"family" : "Hikvision", "versionStartIncluding" : "v4.30.300_build210221", "versionEndIncluding" : "v4.31.100_build210511"},
    "cpe:/o:hikvision:ds-2cd1x23g0_series" :
        {"family" : "HikvisionIPCamerasWiFiSeries", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2cd2x1g0_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2cd2x1g1_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2cd2x27g1_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2cd2x27g3e_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2cd4x6fwd_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2cd4x5g0_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2xe6x5g0_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2xe6x2f_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2xm6x2fwd_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ds-2xm6x2g0_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ipc-x_series" :
        {"family" : "HikvisionIPCameras", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:hwi-x_series" :
        {"family" : "HikvisionIPCameras", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ptz-nx_series" :
        {"family" : "HikvisionIPCameras", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:hwp-nx_series" :
        {"family" : "HikvisionIPCameras", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2ptx_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ids-2ptx_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2se7x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ids-2pt9x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ids-2sk7x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ids-2sk8x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ids-2sr8x_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ids-2vsx_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ds-2dex_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ids-2dex_series" :
        {"family" : "Hikvision", "versionEndExcluding" : "5.5.0"},
    "cpe:/o:hikvision:ids-2xm6810" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"},
    "cpe:/o:hikvision:ids-2cd6810" :
        {"family" : "Hikvision", "versionEndExcluding" : "build210625"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
VendorProductVersionCPE
hikvisionds-2td81x-x%2fv2_seriescpe:/o:hikvision:ds-2td81x-x%2fv2_series
hikvisionds-hilooki-nvr-2xmhx-c%28c%29_seriescpe:/o:hikvision:ds-hilooki-nvr-2xmhx-c%28c%29_series
hikvisionds-2cd2x21g1%28c%29_seriescpe:/o:hikvision:ds-2cd2x21g1%28c%29_series
hikvisionids-2sr8x_seriescpe:/o:hikvision:ids-2sr8x_series
hikvisionds-2se7x_seriescpe:/o:hikvision:ds-2se7x_series
hikvisionds-hiwatchi-hwn-21xmhx%28c%29_seriescpe:/o:hikvision:ds-hiwatchi-hwn-21xmhx%28c%29_series
hikvisionds-2cd2x1g1_seriescpe:/o:hikvision:ds-2cd2x1g1_series
hikvisionids-2dex_seriescpe:/o:hikvision:ids-2dex_series
hikvisionds-hiwatchi-hwn-21xhx%28c%29_seriescpe:/o:hikvision:ds-hiwatchi-hwn-21xhx%28c%29_series
hikvisionids-2ptx_seriescpe:/o:hikvision:ids-2ptx_series
Rows per page:
1-10 of 861

Related

zdt 2
prion 1
cisa 2
openvas 1
cisa_kev 1
malwarebytes 3
githubexploit 11
packetstorm 2
cve 1
checkpoint_advisories 1
cvelist 1
nessus 1
threatpost 2
metasploit 1
nvd 1
nuclei 1
exploitdb 1
attackerkb 1
securelist 1
thn 1
rapid7blog 1
qualysblog 1
avleonov 1
ics 1
mmpc 1
mssecure 1
zdt
zdt
Hikvision IP Camera Unauthenticated Command Injection Exploit
2022-02-28 00:00:00
Hikvision Web Server Build 210702 - Command Injection Exploit
2021-10-25 00:00:00
prion
prion
Command injection
2021-09-22 13:15:00
cisa
cisa
RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)
2021-09-28 00:00:00
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-01-10 00:00:00
openvas
openvas
Hikvision IP Camera RCE Vulnerability (HSRC-202109-01) - Active Check
2022-08-24 00:00:00
cisa_kev
cisa_kev
Hikvision Improper Input Validation
2022-01-10 00:00:00
malwarebytes
malwarebytes
Thousands of Hikvision video cameras remain unpatched and vulnerable to takeover
2022-08-23 13:00:00
Patch now! Insecure Hikvision security cameras can be taken over remotely
2021-09-22 12:19:40
Chinese APT's favorite vulnerabilities revealed
2022-10-13 16:15:00
githubexploit
githubexploit
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware
2021-10-18 06:40:48
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware
2022-08-29 15:21:11
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware
2023-07-18 00:31:47
packetstorm
packetstorm
Hikvision IP Camera Unauthenticated Command Injection
2022-02-28 00:00:00
Hikvision Web Server Build 210702 Command Injection
2021-10-25 00:00:00
cve
cve
CVE-2021-36260
2021-09-22 13:15:07
checkpoint_advisories
checkpoint_advisories
Hikvision Web Server Command Injection (CVE-2021-36260)
2022-03-28 00:00:00
cvelist
cvelist
CVE-2021-36260
2021-09-22 12:07:55
nessus
nessus
Hikivision IP Camera Command Injection Vulnerability
2023-01-13 00:00:00
threatpost
threatpost
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
2022-08-25 18:47:15
Moobot Botnet Chews Up Hikvision Surveillance Systems
2021-12-08 20:13:18
metasploit
metasploit
Hikvision IP Camera Unauthenticated Command Injection
2022-02-19 21:13:24
nvd
nvd
CVE-2021-36260
2021-09-22 13:15:07
nuclei
nuclei
Hikvision IP camera/NVR - Remote Command Execution
2021-10-29 08:17:09
exploitdb
exploitdb
Hikvision Web Server Build 210702 - Command Injection
2021-10-25 00:00:00
attackerkb
attackerkb
CVE-2021-36260
2021-09-22 00:00:00
securelist
securelist
DDoS attacks in Q4 2021
2022-02-10 10:00:04
thn
thn
Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs
2021-12-09 11:15:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-03-04 21:52:42
qualysblog
qualysblog
NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
2022-10-07 20:03:01
avleonov
avleonov
Joint Advisory AA22-279A and Vulristics
2022-10-21 20:10:13
ics
ics
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
2022-10-06 12:00:00
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

JSON
Related for TENABLE_OT_HIKVISION_CVE-2021-36260.NASL
zdt2prion1cisa2openvas1cisa_kev1malwarebytes3githubexploit11packetstorm2cve1checkpoint_advisories1cvelist1nessus1threatpost2metasploit1nvd1nuclei1exploitdb1attackerkb1securelist1thn1rapid7blog1qualysblog1avleonov1ics1mmpc1mssecure1