STRLCPY/CVE-2021-36260

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

Total 1 files

■ ■ ■ ■ ■ ■

README.md

1	1		# CVE-2021-36260
2	2		command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
3	3
4		-	# Exploit Title: Hikvision Web Server Build 210702 - Command Injection
5		-	# Exploit Author: bashis
6		-	# Vendor Homepage: https://www.hikvision.com/
7		-	# Version: 1.0
8		-	# CVE: CVE-2021-36260
9		-	# Reference: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
	4	+	Exploit Title: Hikvision Web Server Build 210702 - Command Injection
	5	+	Exploit Author: bashis
	6	+	Vendor Homepage: https://www.hikvision.com/
	7	+	Version: 1.0
	8	+	CVE: CVE-2021-36260
	9	+	Reference: https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
10	10
11	11		# All credit to Watchful_IP
12	12
		skipped 29 lines
42	42
43	43		Execute blind command:
44	44		$./CVE-2021-36260.py --rhost 192.168.57.20 --rport 8080 --cmd_blind "reboot"
	45	+	"""
45	46