Lucene search
CISACISA:28C7B30B096401B3117E4D6288853BD7HistorySep 28, 2021 - 12:00 a.m.
RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)
2021-09-2800:00:00
us-cert.cisa.gov
430
0.975 High
EPSS
Percentile
100.0%
Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device.
CISA encourages users and administrators to review Hikvision’s Security Advisory HSRC-202109-01 and apply the latest firmware updates. See security researcher Watchful IP’s technical blogpost for more information.
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
We recently updated our anonymous product survey; we’d welcome your feedback.
References
Related
cisa_kev
cisa_kev
Hikvision Improper Input Validation
2022-01-10 00:00:00
cve
cve
CVE-2021-36260
2021-09-22 13:15:07
githubexploit
githubexploit
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware
2021-10-18 06:40:48
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware
2021-11-03 08:11:49
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware
2022-08-03 17:27:59
openvas
openvas
Hikvision IP Camera RCE Vulnerability (HSRC-202109-01) - Active Check
2022-08-24 00:00:00
malwarebytes
malwarebytes
Patch now! Insecure Hikvision security cameras can be taken over remotely
2021-09-22 12:19:40
Chinese APT's favorite vulnerabilities revealed
2022-10-13 16:15:00
packetstorm
packetstorm
Hikvision IP Camera Unauthenticated Command Injection
2022-02-28 00:00:00
Hikvision Web Server Build 210702 Command Injection
2021-10-25 00:00:00
threatpost
threatpost
Moobot Botnet Chews Up Hikvision Surveillance Systems
2021-12-08 20:13:18
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
2022-08-25 18:47:15
prion
prion
Command injection
2021-09-22 13:15:00
zdt
zdt
Hikvision IP Camera Unauthenticated Command Injection Exploit
2022-02-28 00:00:00
Hikvision Web Server Build 210702 - Command Injection Exploit
2021-10-25 00:00:00
checkpoint_advisories
checkpoint_advisories
Hikvision Web Server Command Injection (CVE-2021-36260)
2022-03-28 00:00:00
cvelist
cvelist
CVE-2021-36260
2021-09-22 12:07:55
nessus
nessus
Hikivision IP Camera Command Injection Vulnerability
2023-01-13 00:00:00
metasploit
metasploit
Hikvision IP Camera Unauthenticated Command Injection
2022-02-19 21:13:24
nvd
nvd
CVE-2021-36260
2021-09-22 13:15:07
nuclei
nuclei
Hikvision IP camera/NVR - Remote Command Execution
2021-10-29 08:17:09
exploitdb
exploitdb
Hikvision Web Server Build 210702 - Command Injection
2021-10-25 00:00:00
attackerkb
attackerkb
CVE-2021-36260
2021-09-22 00:00:00
securelist
securelist
DDoS attacks in Q4 2021
2022-02-10 10:00:04
thn
thn
Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs
2021-12-09 11:15:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-03-04 21:52:42
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-01-10 00:00:00
qualysblog
qualysblog
avleonov
avleonov
Joint Advisory AA22-279A and Vulristics
2022-10-21 20:10:13
ics
ics
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00