Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl_Firmware
CVE-2021-36260 CVE-2021-36260 POC command injection vulnerabil...
CVE-2025-66177
There is a stack overflow vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device...
EUVD-2025-19719
Malicious code in bioql PyPI...
Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware
PoC misc PoC - Internet of InSecurity Things Well worth to read about these crappy insecurity things: https://ipvm.com/reports/security-exploits Hikvision CVE-2021-36260 --- 2021-10-19 All credit to WatchfulIP https://watchfulip.github.io/ https://github.com/mcw0/PoC/blob/master/CVE-2021-36260.py...
VulnCheck KEV: CVE-2025-34067
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...
CVE-2025-45851
An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23SP2 fixes the issue...
CVE-2025-45851
The CVE-2025-45851 entry concerns Hikvision DS-2CD1321-I devices running V5.7.21 build 230819, where a crafted POST to /ISAPI/Security/challenge can cause a Denial of Service (DoS). The issue is documented with a CVSS v3.1 base score of 7.5 (Network attack, no privileges required, high impact on ...
Command Execution Vulnerability in Hikvision Integrated Security Management Platform of Hangzhou Hikvision Digital Technology Co.
Hangzhou Hikvision Digital Technology Co., Ltd. is a technology company that focuses on technological innovation. A command execution vulnerability exists in the Hikvision Integrated Security Management Platform of Hangzhou Hikvision Digital Technology Co., Ltd., which can be exploited by an attacker...
PT-2023-21986 · Hikvision · Localservicecomponents
Name of the Vulnerable Software and Affected Versions: plug-in (affected versions not specified). Description: The issue allows an attacker to exploit it by sending crafted messages to computers with the plug-in installed, modifying plug-in parameters. This could cause affected computers to download...
CVE-2023-28808
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices...
CVE-2022-28173
The web server of some Hikvision wireless bridge products has an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices...
PT-2021-4746
Name of the Vulnerable Software and Affected Versions: Hikvision IP cameras and NVR firmware (affected versions not specified). Description: A command injection vulnerability exists in the web server of certain Hikvision products due to insufficient input validation. This allows a remote attacker to...
XXE External Entity Injection Vulnerability in Hikvision Elisa Live IP camera
Hangzhou Hikvision Digital Technology Co. Elisa Live IP camera is a network camera. The Hikvision Elisa Live IP camera suffers from an XXE external entity injection vulnerability. An attacker can exploit the vulnerability to obtain arbitrary files on a website, and in severe cases, obtain server control...