Vulnerability Description
A command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending messages that contain malicious commands.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hikvision | DS-2CD2026G2-IU/SL Firmware | - |
| Hikvision | DS-2CD2026G2-IU/SL | - |
| Hikvision | DS-2CD2046G2-IU/SL Firmware | - |
| Hikvision | DS-2CD2046G2-IU/SL | - |
| Hikvision | DS-2CD2066G2-I(U) Firmware | - |
| Hikvision | DS-2CD2066G2-I(U) | - |
| Hikvision | DS-2CD2066G2-IU/SL Firmware | - |
| Hikvision | DS-2CD2066G2-IU/SL | - |
| Hikvision | DS-2CD2086G2-I(U) Firmware | - |
| Hikvision | DS-2CD2086G2-I(U) | - |
| Hikvision | DS-2CD2086G2-IU/SL Firmware | - |
| Hikvision | DS-2CD2086G2-IU/SL | - |
| Hikvision | DS-2CD2166G2-I(SU) Firmware | - |
| Hikvision | DS-2CD2166G2-I(SU) | - |
| Hikvision | DS-2CD2186G2-I(SU) Firmware | - |
| Hikvision | DS-2CD2186G2-I(SU) | - |
| Hikvision | DS-2CD2186G2-ISU Firmware | - |
| Hikvision | DS-2CD2186G2-ISU | - |
| Hikvision | DS-2CD2326G2-ISU/SL Firmware | - |
| Hikvision | DS-2CD2326G2-ISU/SL | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Co (Exploit; Third Party Advisory; VDB Entry)
- http://packetstormsecurity.com/files/166167/Hikvision-IP-Camera-Unauthenticated- (Exploit; Third Party Advisory; VDB Entry)
- https://therecord.media/experts-warn-of-widespread-exploitation-involving-hikvis (Third Party Advisory)
- https://www.cyfirma.com/wp-content/uploads/2022/08/HikvisionSurveillanceCamerasV (Broken Link; Exploit; Third Party Advisory)
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-no (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021- (US Government Resource)
FAQ
What is CVE-2021-36260?
CVE-2021-36260 is a vulnerability with a CVSS score of 9.8 (CRITICAL). It is a command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by ...
How severe is CVE-2021-36260?
CVE-2021-36260 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-36260?
Check the references section above for vendor advisories and patch information. Affected products include: Hikvision DS-2CD2026G2-IU/SL Firmware, Hikvision DS-2CD2026G2-IU/SL, Hikvision DS-2CD2046G2-IU/SL Firmware, Hikvision DS-2CD2046G2-IU/SL, Hikvision DS-2CD2066G2-I(U) Firmware.