CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2021-36260

CVSS 9.8v3.1pub. 2021-09-22upd. 2025-11-10

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Hikvision Ds 2cd2026g2 Iu\/sl

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2026g2 Iu\/sl Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2027g2 L\(u\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2027g2 L\(u\) Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2027g2 Lu\/sl

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2027g2 Lu\/sl Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2046g2 Iu\/sl

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2046g2 Iu\/sl Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2047g2 L\(u\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2047g2 L\(u\) Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2066g2 I\(u\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2066g2 I\(u\) Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2066g2 Iu\/sl

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2066g2 Iu\/sl Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2086g2 I\(u\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2086g2 I\(u\) Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2086g2 Iu\/sl

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2086g2 Iu\/sl Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2087g2 L\(u\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2087g2 L\(u\) Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2121g0 I\(w\)\(s\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2121g0 I\(w\)\(s\) Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2121g1 I\(w\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2121g1 I\(w\) Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2127g2 \( Su\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2127g2 \( Su\) Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2147g2 L\(su\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2147g2 L\(su\) Firmware

    OS
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2166g2 I\(su\)

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 2cd2166g2 I\(su\) Firmware

    OS
    Hikvision
    wszystkie wersje

CISA KEV — detailsi

Vendori
Hikvision
Producti
Security cameras web server
Added to KEVi
January 10, 2022
Remediation deadline (US Federal)i
January 24, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 24 stycznia 2022
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2017-7921CRITICAL9.8⚠ KEVten sam vendor

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4....

CVE-2023-28812CRITICAL9.1PL ✓ten sam vendor

Buffer overflow w wtyczce przeglądarki Hikvision LocalServiceComponents

CVE-2023-28808CRITICAL9.1ten sam vendor

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to o...

CVE-2022-28173CRITICAL9.1ten sam vendor

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be us...

CVE-2013-4976CRITICAL9.8ten sam vendor

Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials