CVE-2021-36260
command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. (by Aiminsun)
PoC
Issues has been disabled for these PoC's, as they are simply PoC, Public Domain and unsupported. (by mcw0)
| CVE-2021-36260 | PoC | |
|---|---|---|
| 1 | 3 | |
| 229 | 685 | |
| - | - | |
| 4.6 | 0.0 | |
| over 2 years ago | over 1 year ago | |
| Python | Python | |
| - | The Unlicense |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CVE-2021-36260
Posts with mentions or reviews of CVE-2021-36260.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-10-28.
-
Unauthenticated RCE vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)
Poc here: https://github.com/Aiminsun/CVE-2021-36260/blob/main/CVE-2021-36260.py
PoC
Posts with mentions or reviews of PoC.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-10-28.
-
Home security surveillance cameras and privacy.
A Dahua back door authentication was discovered in all of there firmware, there is a programmer that wrote a python script to show the exploit. Obviously its intentional, "accidental backdoor" is an oxymoron. No reputable company would have any backdoor, and the "Fix", is replaced with an ever more difficult to find back door.
-
Unauthenticated RCE vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)
In reality, if you publish any details at all about a vulnerability you found, people will figure it out.
-
POE camera recommendations
2017 published Dahua backdoor with exploit.
What are some alternatives?
When comparing CVE-2021-36260 and PoC you can also consider the following projects:
PoC - Advisories, proof of concept files and exploits that have been made public by @pedrib.