Lucene search
+L

18 matches found

GithubExploit
GithubExploit
added 2026/01/21 1:25 p.m.238 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

Hikvision CVE-2021-36260 RCE Vulnerability Vulnerability D...

9.8CVSS7.3AI score0.99869EPSS
Exploits24
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.149 views

Hikvision Multiple Products Command Injection (CVE-2021-36260)

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. This plugin only works with Tenable.ot. Please vis...

9.8CVSS7.4AI score0.99869EPSS
Exploits24References6
Information Security Automation
Information Security Automation
added 2022/10/21 8:10 p.m.162 views

Joint Advisory AA22-279A and Vulristics

Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory CSA AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link for Russia: Americans cant just release a list...

10CVSS1.1AI score0.99999EPSS
Exploits975
GithubExploit
GithubExploit
added 2022/08/29 3:21 p.m.484 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

CVE-2021-36260 Check whether the Sleep command is e...

9.8CVSS9.1AI score0.99869EPSS
Exploits24
GithubExploit
GithubExploit
added 2022/08/28 3:11 a.m.553 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

RemoteUploader Upload to a specific web server and run remote...

9.8CVSS9AI score0.99869EPSS
Exploits24
Packet Storm
Packet Storm
added 2022/02/28 12:0 a.m.1643 views

Hikvision IP Camera Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hikvision IP Camera Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injection in a variety...

9.8CVSS1AI score0.99869EPSS
Exploits24
0day.today
0day.today
added 2022/02/28 12:0 a.m.5427 views

Hikvision IP Camera Unauthenticated Command Injection Exploit

This Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras CVE-2021-36260. The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This...

9.8CVSS0.99869EPSS
Exploits24
Metasploit
Metasploit
added 2022/02/26 5:42 p.m.671 views

Hikvision IP Camera Unauthenticated Command Injection

This module exploits an unauthenticated command injection in a variety of Hikvision IP cameras CVE-2021-36260. The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module...

9.8CVSS9.4AI score0.99869EPSS
Exploits24
GithubExploit
GithubExploit
added 2021/12/13 9:23 a.m.659 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

CheckHKRCE CVE-2021-36260 Source code based on: https://githu...

9.8CVSS9AI score0.99869EPSS
Exploits24
ThreatPost
ThreatPost
added 2021/12/08 8:13 p.m.107 views

Moobot Botnet Chews Up Hikvision Surveillance Systems

Although a patch was released in September, any still-vulnerable Hikvision IP Network Video Recorder NVR products are being actively targeted by the Mirai-based botnet known as Moobot. FortiGuard Labs has released a report detailing how the Moobot botnet is leveraging a known remote code executio...

9.8CVSS9AI score0.99869EPSS
Exploits24References17
GithubExploit
GithubExploit
added 2021/11/03 8:11 a.m.966 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

CVE-2021-36260-metasploit the metasploit scriptPOC about CVE...

9.8CVSS9.1AI score0.99869EPSS
Exploits24
GithubExploit
GithubExploit
added 2021/10/27 3:51 p.m.609 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

CVE-2021-36260 CVE-2021-36260 POC command injection vulnerabil...

9.8CVSS9.2AI score0.99869EPSS
Exploits24
Packet Storm
Packet Storm
added 2021/10/25 12:0 a.m.1321 views

Hikvision Web Server Build 210702 Command Injection

Exploit Title: Hikvision Web Server Build 210702 - Command Injection Exploit Author: bashis Vendor Homepage: https://www.hikvision.com/ Version: 1.0 CVE: CVE-2021-36260 Reference: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html All credit to WatchfulIP...

9.3CVSS0.4AI score0.99869EPSS
Exploits24
CISA
CISA
added 2021/09/28 12:0 a.m.575 views

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)

Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review Hikvision’s...

9.3CVSS0.8AI score0.99869EPSS
Exploits24References2
Circl
Circl
added 2021/09/23 8:32 p.m.12 views

CVE-2021-36260

creationtimestamp| type| source ---|---|--- 2021-09-23 20:32:56+00:00| published-proof-of-concept| https://t.me/truesecator/2138 2021-09-23 21:48:55+00:00| seen| https://t.me/NeKaspersky/1250 2021-10-18 06:42:30+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/709 2021-10-27...

9.8CVSS8.3AI score0.99869EPSS
In wildExploits24References42
Vulnrichment
Vulnrichment
added 2021/09/22 12:7 p.m.13 views

CVE-2021-36260

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands...

9.7AI score0.99869EPSS
Exploits24References5
CVE
CVE
added 2021/09/22 12:7 p.m.1957 views

CVE-2021-36260

CVE-2021-36260 is a command-injection vulnerability in the web server of Hikvision products caused by insufficient input validation. Public details in the provided docs confirm an attacker can trigger remote code execution via crafted messages to the device (no authentication required in some PoC...

9.8CVSS9.4AI score0.99869EPSS
In wildExploits24References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/09/22 12:0 a.m.302 views

CVE-2021-36260

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. Recent assessments: Assessed Attacker Value: 0...

9.8CVSS3.2AI score0.99869EPSS
In wildExploits24References6
Rows per page
Query Builder