qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Hikvision-Web-Server-RCE-(C...

69 lines
4.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Hikvision Web Server RCE (CVE-2021-36260)",
"Description": "<p>Hikvision Web Server is a Web server of China's Hikvision company. Used to parse the agreement and provide services.</p><p>There is a command injection vulnerability in Hikvision Web Server, which stems from insufficient input validation. An attacker can use this vulnerability to initiate a command injection attack by sending a message with a malicious command to gain server permissions.</p>",
"Product": "Hikvision Web Server",
"Homepage": "https://www.hikvision.com",
"DisclosureDate": "2021-09-25",
"Author": "1291904552@qq.com",
"FofaQuery": "(app=\"HIKVISION-视频监控\" && (banner!=\"App-webs/\" || header!=\"App-webs/\" || header!=\"App-webs/\" || banner!=\"webserver\") && \"-1e0-\") && (is_honeypot=false && is_fraud=false)",
"GobyQuery": "(app=\"HIKVISION-视频监控\" && (banner!=\"App-webs/\" || header!=\"App-webs/\" || header!=\"App-webs/\" || banner!=\"webserver\") && \"-1e0-\") && (is_honeypot=false && is_fraud=false)",
"Level": "3",
"Impact": "<p>There is a command injection vulnerability in Hikvision Web Server, which stems from insufficient input validation. An attacker can use this vulnerability to initiate a command injection attack by sending a message with a malicious command to gain server permissions.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20210919/\">https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20210919/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Hikvision Web Server 命令注入漏洞CVE-2021-36260",
"Product": "Hikvision Web Server",
"VulType": ["命令执行"],
"Tags": ["命令执行"],
"Description": "<p>Hikvision Web Server是中国海康威视Hikvision公司的一个Web服务器。用于解析协议提供服务。</p><p>Hikvision Web Server 中存在命令注入漏洞,该漏洞源于输入验证不足。攻击者可利用该漏洞通过发送带有恶意命令的消息来发起命令注入攻击,获取服务器权限。</p>",
"Impact": "<p>Hikvision Web Server 中存在命令注入漏洞,该漏洞源于输入验证不足。攻击者可利用该漏洞通过发送带有恶意命令的消息来发起命令注入攻击。</p>",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20210919/\">https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20210919/</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Hikvision Web Server RCE (CVE-2021-36260)",
"Product": "Hikvision Web Server",
"VulType": ["rce"],
"Tags": ["rce"],
"Description": "<p>Hikvision Web Server is a Web server of China's Hikvision company. Used to parse the agreement and provide services.</p><p>There is a command injection vulnerability in Hikvision Web Server, which stems from insufficient input validation. An attacker can use this vulnerability to initiate a command injection attack by sending a message with a malicious command to gain server permissions.</p>",
"Impact": "<p>There is a command injection vulnerability in Hikvision Web Server, which stems from insufficient input validation. An attacker can use this vulnerability to initiate a command injection attack by sending a message with a malicious command to gain server permissions.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20210919/\">https://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20210919/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://nosec.org/home/detail/4869.html"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "createSelect",
"value": "ls /devinfo,cat /etc/passwd"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-36260"
],
"CVSSScore": "9.8",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": ["Hikvision Web Server"]
},
"CNNVD": [
"CNNVD-202109-1602"
],
"CNVD": [
""
]
}
Reference in New Issue View Git Blame Copy Permalink