|
61145 | 61145 | "session_types": false, |
61146 | 61146 | "needs_cleanup": null |
61147 | 61147 | }, |
| 61148 | + "exploit_linux/http/hikvision_cve_2021_36260_blind": { |
| 61149 | + "name": "Hikvision IP Camera Unauthenticated Command Injection", |
| 61150 | + "fullname": "exploit/linux/http/hikvision_cve_2021_36260_blind", |
| 61151 | + "aliases": [ |
| 61152 | + |
| 61153 | + ], |
| 61154 | + "rank": 600, |
| 61155 | + "disclosure_date": "2021-09-18", |
| 61156 | + "type": "exploit", |
| 61157 | + "author": [ |
| 61158 | + "Watchful_IP", |
| 61159 | + "bashis", |
| 61160 | + "jbaines-r7" |
| 61161 | + ], |
| 61162 | + "description": "This module exploits an unauthenticated command injection in a variety of Hikvision IP\n cameras (CVE-2021-36260). The module inserts a command into an XML payload used with an\n HTTP PUT request sent to the `/SDK/webLanguage` endpoint, resulting in command execution\n as the `root` user.\n\n This module specifically attempts to exploit the blind variant of the attack. The module\n was successfully tested against an HWI-B120-D/W using firmware V5.5.101 build 200408. It\n was also tested against an unaffected DS-2CD2142FWD-I using firmware V5.5.0 build 170725.\n Please see the Hikvision advisory for a full list of affected products.", |
| 61163 | + "references": [ |
| 61164 | + "CVE-2021-36260", |
| 61165 | + "URL-https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html", |
| 61166 | + "URL-https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/security-notification-command-injection-vulnerability-in-some-hikvision-products/", |
| 61167 | + "URL-https://github.com/mcw0/PoC/blob/master/CVE-2021-36260.py" |
| 61168 | + ], |
| 61169 | + "platform": "Linux,Unix", |
| 61170 | + "arch": "cmd, armle", |
| 61171 | + "rport": 80, |
| 61172 | + "autofilter_ports": [ |
| 61173 | + 80, |
| 61174 | + 8080, |
| 61175 | + 443, |
| 61176 | + 8000, |
| 61177 | + 8888, |
| 61178 | + 8880, |
| 61179 | + 8008, |
| 61180 | + 3000, |
| 61181 | + 8443 |
| 61182 | + ], |
| 61183 | + "autofilter_services": [ |
| 61184 | + "http", |
| 61185 | + "https" |
| 61186 | + ], |
| 61187 | + "targets": [ |
| 61188 | + "Unix Command", |
| 61189 | + "Linux Dropper" |
| 61190 | + ], |
| 61191 | + "mod_time": "2022-02-25 08:32:06 +0000", |
| 61192 | + "path": "/modules/exploits/linux/http/hikvision_cve_2021_36260_blind.rb", |
| 61193 | + "is_install_path": true, |
| 61194 | + "ref_name": "linux/http/hikvision_cve_2021_36260_blind", |
| 61195 | + "check": true, |
| 61196 | + "post_auth": false, |
| 61197 | + "default_credential": false, |
| 61198 | + "notes": { |
| 61199 | + "Stability": [ |
| 61200 | + "crash-safe" |
| 61201 | + ], |
| 61202 | + "Reliability": [ |
| 61203 | + "repeatable-session" |
| 61204 | + ], |
| 61205 | + "SideEffects": [ |
| 61206 | + "ioc-in-logs", |
| 61207 | + "artifacts-on-disk" |
| 61208 | + ] |
| 61209 | + }, |
| 61210 | + "session_types": false, |
| 61211 | + "needs_cleanup": true |
| 61212 | + }, |
61148 | 61213 | "exploit_linux/http/hp_system_management": { |
61149 | 61214 | "name": "HP System Management Anonymous Access Code Execution", |
61150 | 61215 | "fullname": "exploit/linux/http/hp_system_management", |
|
0 commit comments