Hikvision.Product.SDK.WebLanguage.Tag.Command.Injection
Description
This indicates an attempt to exploit a Command Injection vulnerability in the web server of Hikvision products.
The vulnerability is due to insufficient sanitization of user-supplied input in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.
Outbreak Alert
Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending crafted messages containing malicious commands.
Affected Products
DS-2CVxxx1, DS-2CVxxx6: versions with a build time before 210625
HWI-xxxx: versions with a build time before 210625
IPC-xxxx: versions with a build time before 210625
DS-2CD1xx1, DS-2CD1x23G0, DS-2CD1x23G0E(C), DS-2CD1x43(B), DS-2CD1x43(C), DS-2CD1x43G0E, DS-2CD1x53(B), DS-2CD1x53(C), DS-2CD1xx7G0: versions with a build time before 210625
DS-2CD2xx6G2, DS-2CD2xx6G2(C), DS-2CD2xx7G2, DS-2CD2xx7G2(C), DS-2CD2x21G0, DS-2CD2x21G0(C): versions with a build time before 210625
DS-2CD2x21G1, DS-2CD2x21G1(C), DS-2CD2xx3G2, DS-2CD3xx6G2, DS-2CD3xx6G2(C), DS-2CD3xx7G2, DS-2CD3xx7G2(C): versions with a build time before 210625
DS-2CD3xx7G0E, DS-2CD3x21G0, DS-2CD3x21G0(C), DS-2CD3x51G0(C), DS-2CD3xx3G2, DS-2CD4xx0, DS-2CD4xx6: versions with a build time before 210625
iDS-2XM6810, iDS-2CD6810, DS-2XE62x2F(D), DS-2XC66x5G0, DS-2XE64x2F(B), DS-2CD8Cx6G0: versions with a build time before 210625
(i)DS-2DExxxx, (i)DS-2PTxxxx, (i)DS-2SE7xxxx: versions with a build time before 210625
DS-2DYHxxxx, DS-2DY9xxxx: versions with a build time before 210625
PTZ-Nxxxx, HWP-Nxxxx: versions with a build time before 210625
DS-2DF5xxxx~DS-2DF9xxxx: versions with a build time before 210625
iDS-2PT9xxxx, iDS-2SK7xxxx, iDS-2SK8xxxx, iDS-2SR8xxxx, iDS-2VSxxxx: versions with a build time before 210625
DS-2TBxxx, DS-Bxxxx, DS-2TDxxxxB: versions with a build time before 210702
DS-2TD1xxx-xx, DS-2TD2xxx-xx: versions with a build time before 210702
DS-2TD41xx-xx/Wx, DS-2TD62xx-xx/Wx, DS-2TD81xx-xx/Wx, DS-2TD4xxx-xx/V2, DS-2TD62xx-xx/V2, DS-2TD81xx-xx/V2: versions with a build time before 210702
DS-76xxNI-K1xx(C), DS-76xxNI-Qxx(C), DS-HiLookI-NVR-1xxMHxx-C(C), DS-HiLookI-NVR-2xxMHxx-C(C), DS-HiWatchI-HWN-41xxMHxx(C), DS-HiWatchI-HWN-42xxMHxx(C): V4.30.210 Build201224 - V4.31.000 Build210511
DS-71xxNI-Q1xx(C), DS-HiLookI-NVR-1xxMHxx-D(C), DS-HiLookI-NVR-1xxHxx-D(C), DS-HiWatchI-HWN-21xxMHxx(C), DS-HiWatchI-HWN-21xxHxx(C): V4.30.300 Build210221 - V4.31.100 Build210511
Impact
System Compromise: Remote attackers can execute arbitrary code in the context of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
Version Updates
Date | Version | Detail |
---|---|---|
2022-09-09 | 1.00037 |