Exploit for #VU9538 Privilege escalation in Hikvision Hardware solutions

Published: 2022-09-23 | Updated: 2023-08-28

Vulnerability identifier: #VU9538

Vulnerability risk: Medium

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2017-7921

CWE-ID: CWE-287

Exploitation vector: Network

Exploits in database: 5

August 28, 2023
- CVE-2017-7921 (CVE-2017-7921 exploit. Allows admin password retrieval and automatic snapshot download.) [Github]
July 26, 2023
- CVE-2017-7921-EXPLOIT (A PoC exploit for CVE-2017-7921 - Hikvision Camera Series Improper Authentication Vulnerability.) [Github]
July 5, 2023
- hikivision (CVE-2017-7921 EXPLOIT) [Github]
October 20, 2022
- Unauthenticated information disclosure such as configuration, credentials and camera snapshots of a vulnerable Hikvision IP Camera [Metasploit]
September 23, 2022
- Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic [Metasploit]

Impact: Code execution

Vulnerable software:
DS-2CD63xx Series
Hardware solutions / Firmware
DS-2DFx Series
Hardware solutions / Firmware
DS-2CD4xx5 Series
Hardware solutions / Firmware
DS- 2CD4x2xFWD Series
Hardware solutions / Firmware
DS-2CD2xx2FWD Series
Hardware solutions / Firmware
DS-2CD2xx0F-I Series
Hardware solutions / Firmware
DS-2CD2xx2F-I Series
Hardware solutions / Firmware
Hikvision DVR/NVR Firmware
Hardware solutions / Firmware

Vendor: Hikvision