关联漏洞
标题:
多款Hikvision产品安全漏洞
(CVE-2017-7921)
描述:Hikvision DS-2CD2xx2F-I Series等都是中国海康威视(Hikvision)公司的网络摄像头产品。 多款Hikvision产品中存在身份验证漏洞。攻击者可利用该漏洞提升权限,获取敏感信息的访问权限。以下产品和版本受到影响:Hikvision DS-2CD2xx2F-I Series 5.2.0 build 140721版本至5.4.0 build 160530版本;DS-2CD2xx0F-I Series 5.2.0 build 140721版本至5.4.0 Build 16040
描述
Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices contain an improper authentication issue. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
文件快照
id: CVE-2017-7921
info:
name: Hikvision - Authentication Bypass
author: princechaddha
severit
...
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。