CVE-2021-36260 - Hikvision Improper Input Validation

CVE ID:CVE-2021-36260

Project:Hikvision

Product:Security cameras web server

Date Added:2022-01-10Due Date:2022-01-24

Vulnerability Name

Hikvision Improper Input Validation

Description

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-36260

Related News Articles

CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT CampaignDecember 17, 2024

FBI spots HiatusRAT malware attacks targeting web cameras, DVRsDecember 17, 2024

Top Security News

Top CVE List

Top Alert List

CSP
Content Security Policy (CSP) Header Not Set
MediumAbsence of Anti-CSRF Tokens
MediumMissing Anti-clickjacking Header
InformationalInformation Disclosure - Suspicious Comments
LowCross-Domain JavaScript Source File Inclusion
MediumContent Security Policy (CSP) Header Not Set
LowTimestamp Disclosure - Unix
LowCSP: X-Content-Security-Policy
InformationalRe-examine Cache-control Directives

Top CWE List