18 matches found

GithubExploit
added 2026/01/21 1:25 p.m. | 223 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware

Hikvision CVE-2021-36260 RCE Vulnerability Vulnerability D...

9.8 CVSS | 7.3 AI score | 0.99869 EPSS
Exploits: 23
Tenable Nessus
added 2024/07/22 12:0 a.m. | 149 views

Hikvision Multiple Products Command Injection (CVE-2021-36260)

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. This plugin only works with Tenable.ot. Please vis...

9.8 CVSS | 7.4 AI score | 0.99869 EPSS
Exploits: 23 | References: 6
Information Security Automation
added 2022/10/21 8:10 p.m. | 160 views

Joint Advisory AA22-279A and Vulristics

Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory CSA AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link for Russia: Americans can't just release a list...

10 CVSS | 1.1 AI score | 0.99999 EPSS
Exploits: 965
GithubExploit
added 2022/08/29 3:21 p.m. | 479 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware

CVE-2021-36260 Check whether the Sleep command is e...

9.8 CVSS | 9.1 AI score | 0.99869 EPSS
Exploits: 23
GithubExploit
added 2022/08/28 3:11 a.m. | 499 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware

RemoteUploader Upload to a specific web server and run remote...

9.8 CVSS | 9 AI score | 0.99869 EPSS
Exploits: 23
Packet Storm
added 2022/02/28 12:0 a.m. | 1630 views

Hikvision IP Camera Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hikvision IP Camera Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection in a variety...

9.8 CVSS | 1 AI score | 0.99869 EPSS
Exploits: 23
0day.today
added 2022/02/28 12:0 a.m. | 5418 views

Hikvision IP Camera Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras CVE-2021-36260. The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This...

9.8 CVSS | 0.99869 EPSS
Exploits: 23
Metasploit
added 2022/02/26 5:42 p.m. | 654 views

Hikvision IP Camera Unauthenticated Command Injection

This module exploits an unauthenticated command injection in a variety of Hikvision IP cameras CVE-2021-36260. The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module...

9.8 CVSS | 9.4 AI score | 0.99869 EPSS
Exploits: 23
GithubExploit
added 2021/12/13 9:23 a.m. | 648 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware

CheckHKRCE CVE-2021-36260 Source code based on: https://githu...

9.8 CVSS | 9 AI score | 0.99869 EPSS
Exploits: 23
ThreatPost
added 2021/12/08 8:13 p.m. | 107 views

Moobot Botnet Chews Up Hikvision Surveillance Systems

Although a patch was released in September, any still-vulnerable Hikvision IP Network Video Recorder NVR products are being actively targeted by the Mirai-based botnet known as Moobot. FortiGuard Labs has released a report detailing how the Moobot botnet is leveraging a known remote code executio...

9.8 CVSS | 9 AI score | 0.99869 EPSS
Exploits: 23 | References: 17
GithubExploit
added 2021/11/03 8:11 a.m. | 954 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware

CVE-2021-36260-metasploit the metasploit scriptPOC about CVE...

9.8 CVSS | 9.1 AI score | 0.99869 EPSS
Exploits: 23
GithubExploit
added 2021/10/27 3:51 p.m. | 603 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerabil...

9.8 CVSS | 9.2 AI score | 0.99869 EPSS
Exploits: 23
Packet Storm
added 2021/10/25 12:0 a.m. | 1313 views

Hikvision Web Server Build 210702 Command Injection

Exploit Title: Hikvision Web Server Build 210702 - Command Injection Exploit Author: bashis Vendor Homepage: https://www.hikvision.com/ Version: 1.0 CVE: CVE-2021-36260 Reference: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html All credit to WatchfulIP...

9.3 CVSS | 0.4 AI score | 0.99869 EPSS
Exploits: 23
CISA
added 2021/09/28 12:0 a.m. | 566 views

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review Hikvision’s...

9.3 CVSS | 0.8 AI score | 0.99869 EPSS
Exploits: 23 | References: 2
Circl
added 2021/09/23 8:32 p.m. | 11 views

CVE-2021-36260

creationtimestamp | type | source
---|---|---
2021-09-23 20:32:56+00:00 | published-proof-of-concept | https://t.me/truesecator/2138
2021-09-23 21:48:55+00:00 | seen | https://t.me/NeKaspersky/1250
2021-10-18 06:42:30+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/709
2021-10-27...

9.8 CVSS | 7.5 AI score | 0.99869 EPSS
In wild | Exploits: 23 | References: 38
Vulnrichment
added 2021/09/22 12:7 p.m. | 13 views

CVE-2021-36260

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands...

9.7 AI score | 0.99869 EPSS
Exploits: 23 | References: 5
CVE
added 2021/09/22 12:7 p.m. | 1936 views

CVE-2021-36260

CVE-2021-36260 is a command-injection vulnerability in the web server of Hikvision products caused by insufficient input validation. Public details in the provided docs confirm an attacker can trigger remote code execution via crafted messages to the device (no authentication required in some PoC...

9.8 CVSS | 9.4 AI score | 0.99869 EPSS
In wild | Exploits: 23 | References: 6 | Affected Software: 1
ATTACKERKB
added 2021/09/22 12:0 a.m. | 300 views

CVE-2021-36260

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. Recent assessments: Assessed Attacker Value: 0...

9.8 CVSS | 3.2 AI score | 0.99869 EPSS
In wild | Exploits: 23 | References: 6