漏洞信息(CVE-2017-7921)

一、漏洞 CVE-2017-7921 基础信息

漏洞信息

                                        # N/A

## 漏洞概述
Hikvision多个系列设备存在身份验证不当的漏洞，这可能导致恶意用户提升权限并访问敏感信息。

## 影响版本
- DS-2CD2xx2F-I Series: V5.2.0 build 140721至V5.4.0 build 160530
- DS-2CD2xx0F-I Series: V5.2.0 build 140721至V5.4.0 Build 160401
- DS-2CD2xx2FWD Series: V5.3.1 build 150410至V5.4.4 Build 161125
- DS-2CD4x2xFWD Series: V5.2.0 build 140721至V5.4.0 Build 160414
- DS-2CD4xx5 Series: V5.2.0 build 140721至V5.4.0 Build 160421
- DS-2DFx Series: V5.2.0 build 140805至V5.4.5 Build 160928
- DS-2CD63xx Series: V5.0.9 build 140305至V5.3.5 Build 160106

## 漏洞细节
该漏洞存在于应用未能充分或正确验证用户身份的情况下，导致身份验证不当。

## 影响
恶意用户可以利用该漏洞提升自身在系统中的权限，并访问敏感信息。

提示

尽管我们采用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确，但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利！

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

认证机制不恰当

来源：美国国家漏洞数据库 NVD

漏洞标题

多款Hikvision产品安全漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Hikvision DS-2CD2xx2F-I Series等都是中国海康威视（Hikvision）公司的网络摄像头产品。多款Hikvision产品中存在身份验证漏洞。攻击者可利用该漏洞提升权限，获取敏感信息的访问权限。以下产品和版本受到影响：Hikvision DS-2CD2xx2F-I Series 5.2.0 build 140721版本至5.4.0 build 160530版本；DS-2CD2xx0F-I Series 5.2.0 build 140721版本至5.4.0 Build 16040

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

授权问题

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2017-7921 的公开POC

#	POC 描述	源链接	神龙链接
1	Hikvision camera CVE-2017-7921-EXP	https://github.com/JrDw0/CVE-2017-7921-EXP	POC详情
2	海康威视未授权访问检测poc及口令爆破	https://github.com/BurnyMcDull/CVE-2017-7921	POC详情
3	Hikvision IP camera access bypass exploit, developed by golang.	https://github.com/MisakaMikato/cve-2017-7921-golang	POC详情
4	This python file will decrypt the configurationFile used by hikvision cameras vulnerable to CVE-2017-7921.	https://github.com/chrisjd20/hikvision_CVE-2017-7921_auth_bypass_config_decryptor	POC详情
5	None	https://github.com/p4tq/hikvision_CVE-2017-7921_auth_bypass_config_decryptor	POC详情
6	CVE-2017-7921-EXP Hikvision camera	https://github.com/201646613/CVE-2017-7921	POC详情
7	None	https://github.com/inj3ction/CVE-2017-7921-EXP	POC详情
8	CVE-2017-7921 EXPLOIT	https://github.com/krypton612/hikivision	POC详情
9	A PoC exploit for CVE-2017-7921 - Hikvision Camera Series Improper Authentication Vulnerability.	https://github.com/K3ysTr0K3R/CVE-2017-7921-EXPLOIT	POC详情
10	CVE-2017-7921 exploit. Allows admin password retrieval and automatic snapshot download.	https://github.com/fracergu/CVE-2017-7921	POC详情
11	Python script get image from Hikvision camera with CVE-2017-7921 vulnerability	https://github.com/AnonkiGroup/AnonHik	POC详情
12	None	https://github.com/b3pwn3d/CVE-2017-7921	POC详情
13	None	https://github.com/yousouf-Tasfin/cve-2017-7921-Mass-Exploit	POC详情
14	Test For CVE-2017–7921;	https://github.com/kooroshsanaei/HikVision-CVE-2017-7921	POC详情
15	Identify hikvision ip and probe for cve-s (CVE-2017-7921, CVE-2022-28171, CVE-2021-36260)	https://github.com/aengussong/hikvision_probe	POC详情
16	CVE-2017-7921复现解密文件分享免费下载	https://github.com/andychao/CVE-2017-7921_reproduces_decrypted_file_sharing	POC详情
17	Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices contain an improper authentication issue. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-7921.yaml	POC详情
18	CVE-2017-7921 exploit. Allows admin password retrieval and automatic snapshot download.	https://github.com/GabrielAvls/CVE-2017-7921	POC详情
19	Проверка на уязвимость камер Hikvision - CVE-2017-7921	https://github.com/initon/Hikvision---CVE-2017-7921	POC详情

三、漏洞 CVE-2017-7921 的情报信息

https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 x_refsource_MISC
https://ghostbin.com/paste/q2vq2 x_refsource_MISC
http://www.hikvision.com/us/about_10805.html x_refsource_MISC
http://www.securityfocus.com/bid/98313 vdb-entry x_refsource_BID
https://nvd.nist.gov/vuln/detail/CVE-2017-7921

四、漏洞 CVE-2017-7921 的评论

暂无评论

一、 漏洞 CVE-2017-7921 基础信息

漏洞信息

提示

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2017-7921 的公开POC

三、漏洞 CVE-2017-7921 的情报信息

四、漏洞 CVE-2017-7921 的评论

发表评论

一、漏洞 CVE-2017-7921 基础信息