Vulnerability CVE-2021-36260


Published: 2021-09-22

Description:
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Hikvision Web Server Build 210702 Command Injection
bashis
25.10.2021
High
Hikvision IP Camera Unauthenticated Command Injection
bashis
01.03.2022

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/

Copyright 2024, cxsecurity.com

 

Back to Top