Hikvision DS-2CD2012-I XML Injection / Abuse Issues

15 May 2015 | Reported by MustLive | Type: packetstorm | Source: packetstormsecurity.com

Hikvision DS-2CD2012-I XML Injection, Abuse of Functionality, and Brute Force vulnerabilities

`Hello list!  
  
There are vulnerabilities in Hikvision DS-2CD2012-I.  
  
These are XML Injection, Abuse of Functionality and Brute Force   
vulnerabilities. All these vulnerabilities are present in other IP cameras   
and DVR of Hikvision.  
  
-------------------------  
Affected vendors:  
-------------------------  
  
Hikvision  
http://www.hikvision.com  
  
-------------------------  
Affected products:  
-------------------------  
  
Vulnerable are the next models with different versions of firmware:   
Hikvision DS-2CD2012-I and other IPC, DVR and NVR of Hikvision, the list of   
models I wrote earlier (http://seclists.org/fulldisclosure/2015/Mar/161).  
  
As Hikvision answered me at 01.03.2015, they didn't want to fix Abuse of   
Functionality vulnerability, but they will fix Brute Force vulnerability in   
firmware in the beginning of this year. And they fixed XML Injection   
vulnerability last year.  
  
Hikvision fixed XML Injection in firmware for DVR/NVR in V3.2.0 and for IPC   
in V5.2.0 and fixed Brute Force in the last firmware.  
  
----------  
Details:  
----------  
  
XML Injection (WASC-23):  
  
http://site/ISAPI/%3C/requestURL%3E%3Clink%3Ehttp://site%3C/link%3E%3CrequestURL%3E/  
  
It can be used for XML Injection and XSS attacks.  
  
Abuse of Functionality (WASC-42):  
  
Login is persistent: admin (only logins for users can be changed). This   
simplifies a Brute Force attack.  
  
Brute Force (WASC-11):  
  
In the login form http://site/doc/page/login.asp there is no protection against   
Brute Force attacks. This allows picking up the password (if it was changed   
from the default).  
  
I found this and other web cameras during summer to watch terrorist   
activities in Donetsk and Lugansk regions of Ukraine and also I took under   
control web cameras in Russia   
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-April/009090.html).  
  
I mentioned these vulnerabilities on my site   
(http://websecurity.com.ua/7346/).  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua   
`
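The XML Injection item in the advisory above, seen from the defender's side, as an added example (not code from the advisory or from Hikvision): it contrasts a response builder that reflects the decoded request path verbatim with one that escapes it, and adds a request-path check usable in log review. Only the `requestURL` element name comes from the advisory's URL; the `ResponseStatus` envelope, the `statusString` element, the status text and all function names are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Request path taken from the advisory ("site" is the advisory's placeholder host).
ADVISORY_PATH = "/ISAPI/%3C/requestURL%3E%3Clink%3Ehttp://site%3C/link%3E%3CrequestURL%3E/"
STATUS = "Invalid Operation"  # assumed status text, for illustration only


def build_status_unsafe(raw_path):
    """Vulnerable pattern: decoded path concatenated into the XML as-is."""
    return ("<ResponseStatus><requestURL>" + unquote(raw_path) + "</requestURL>"
            "<statusString>" + STATUS + "</statusString></ResponseStatus>")


def build_status_safe(raw_path):
    """Hardened pattern: the serializer escapes <, > and & in element text."""
    root = ET.Element("ResponseStatus")
    ET.SubElement(root, "requestURL").text = unquote(raw_path)
    ET.SubElement(root, "statusString").text = STATUS
    return ET.tostring(root, encoding="unicode")


def child_tags(xml_text):
    """Element names an XML parser sees directly under the root."""
    return [child.tag for child in ET.fromstring(xml_text)]


def path_has_markup(raw_path):
    """Log/WAF check: a decoded request path should never contain < or >."""
    decoded = unquote(raw_path)
    return "<" in decoded or ">" in decoded


if __name__ == "__main__":
    print(child_tags(build_status_unsafe(ADVISORY_PATH)))
    print(child_tags(build_status_safe(ADVISORY_PATH)))
    print(build_status_safe(ADVISORY_PATH))
```

In the unsafe output the parser sees an extra `link` element that the server never intended to emit; in the safe output the same input stays inside the text of a single `requestURL` element.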
