CVE-2021-36260

Name of the Vulnerable Software and Affected Versions Hikvision products (affected versions not specified)

Description A command injection issue exists in the web server of certain Hikvision products due to insufficient input validation. A remote attacker can exploit this by sending specially crafted messages containing malicious commands to the HTTP(S) server ports (typically 80 or 443), specifically targeting the language parameter. This allows for zero-click remote code execution, enabling the attacker to obtain root access and full control over the device. Compromised devices can be used to access internal networks or be recruited into botnets, such as Mirai-based variants like Moobot, to launch DDoS attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.