Vulnerability identifier: #VU60887
Vulnerability risk: High
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-78
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software (every model below is listed under Hardware solutions / Office equipment, IP-phones, print servers):
DS-2CVxxx1
DS-2CVxxx6
HWI-xxxx
IPC-xxxx
DS-2CD1xx1
DS-2CD1x23G0E(C)
DS-2CD1x43(B)
DS-2CD1x43(C)
DS-2CD1x43G0E
DS-2CD1x53(B)
DS-2CD1x53(C)
DS-2CD1xx7G0
DS-2CD2xx6G2
DS-2CD2xx6G2(C)
DS-2CD2xx7G2
DS-2CD2xx7G2(C)
DS-2CD2x21G0(C)
DS-2CD2x21G1(C)
DS-2CD2xx3G2
DS-2CD3xx6G2
DS-2CD3xx6G2(C)
DS-2CD3xx7G2
DS-2CD3xx7G2(C)
DS-2CD3xx7G0E
DS-2CD3x21G0
DS-2CD3x21G0(C)
DS-2CD3x51G0(C)
DS-2CD3xx3G2
DS-2CD4xx0
DS-2CD4xx6
iDS-2XM6810
iDS-2CD6810
DS-2XE62x2F(D)
DS-2XC66x5G0
DS-2XE64x2F(B)
DS-2CD8Cx6G0
(i)DS-2PTxxxx
(i)DS-2SE7xxxx
DS-2DYHxxxx
DS-2DY9xxxx
PTZ-Nxxxx
HWP-Nxxxx
DS-2DF5xxxx
DS-2DF6xxxx
DS-2DF6xxxx-Cx
DS-2DF7xxxx
DS-2DF8xxxx
DS-2DF9xxxx
iDS-2PT9xxxx
iDS-2SK7xxxx
iDS-2SK8xxxx
iDS-2SR8xxxx
iDS-2VSxxxx
DS-2TBxxx
DS-Bxxxx
DS-2TDxxxxB
DS-2TD1xxx-xx
DS-2TD2xxx-xx
DS-2TD41xx-xx/Wx
DS-2TD62xx-xx/Wx
DS-2TD81xx-xx/Wx
DS-2TD4xxx-xx/V2
DS-2TD62xx-xx/V2
DS-2TD81xx-xx/V2
DS-76xxNI-K1xx(C)
DS-76xxNI-Qxx(C)
DS-HiLookI-NVR-1xxMHxx-C(C)
DS-HiLookI-NVR-2xxMHxx-C(C)
DS-HiWatchI-HWN-41xxMHxx(C)
DS-HiWatchI-HWN-42xxMHxx(C)
DS-71xxNI-Q1xx(C)
DS-HiLookI-NVR-1xxMHxx-D(C)
DS-HiLookI-NVR-1xxHxx-D(C)
DS-HiWatchI-HWN-21xxMHxx(C)
DS-HiWatchI-HWN-21xxHxx(C)
DS-2CD1x23G0
DS-2CD2xx1G0
DS-2CD2xx1G1
DS-2CD2x27G1
DS-2CD2x27G3E
DS-2CD4xx6FWD (Non-ANPR)
DS-2CD4xx5G0
DS-2XE6xx5G0
DS-2XE6xx2F
DS-2XM6xx2FWD
DS-2XM6xx2G0
(i)DS-2DExxxx
Vendor: Hikvision
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote, unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
DS-2CVxxx1: All versions
DS-2CVxxx6: All versions
HWI-xxxx: All versions
IPC-xxxx: All versions
DS-2CD1xx1: All versions
DS-2CD1x23G0E(C): All versions
DS-2CD1x43(B): All versions
DS-2CD1x43(C): All versions
DS-2CD1x43G0E: All versions
DS-2CD1x53(B): All versions
DS-2CD1x53(C): All versions
DS-2CD1xx7G0: All versions
DS-2CD2xx6G2: All versions
DS-2CD2xx6G2(C): All versions
DS-2CD2xx7G2: All versions
DS-2CD2xx7G2(C): All versions
DS-2CD2x21G0(C): All versions
DS-2CD2x21G1(C): All versions
DS-2CD2xx3G2: All versions
DS-2CD3xx6G2: All versions
DS-2CD3xx6G2(C): All versions
DS-2CD3xx7G2: All versions
DS-2CD3xx7G2(C): All versions
DS-2CD3xx7G0E: All versions
DS-2CD3x21G0: All versions
DS-2CD3x21G0(C): All versions
DS-2CD3x51G0(C): All versions
DS-2CD3xx3G2: All versions
DS-2CD4xx0: All versions
DS-2CD4xx6: All versions
iDS-2XM6810: All versions
iDS-2CD6810: All versions
DS-2XE62x2F(D): All versions
DS-2XC66x5G0: All versions
DS-2XE64x2F(B): All versions
DS-2CD8Cx6G0: All versions
(i)DS-2PTxxxx: All versions
(i)DS-2SE7xxxx: All versions
DS-2DYHxxxx: All versions
DS-2DY9xxxx: All versions
PTZ-Nxxxx: All versions
HWP-Nxxxx: All versions
DS-2DF5xxxx: All versions
DS-2DF6xxxx: All versions
DS-2DF6xxxx-Cx: All versions
DS-2DF7xxxx: All versions
DS-2DF8xxxx: All versions
DS-2DF9xxxx: All versions
iDS-2PT9xxxx: All versions
iDS-2SK7xxxx: All versions
iDS-2SK8xxxx: All versions
iDS-2SR8xxxx: All versions
iDS-2VSxxxx: All versions
DS-2TBxxx: All versions
DS-Bxxxx: All versions
DS-2TDxxxxB: All versions
DS-2TD1xxx-xx: All versions
DS-2TD2xxx-xx: All versions
DS-2TD41xx-xx/Wx: All versions
DS-2TD62xx-xx/Wx: All versions
DS-2TD81xx-xx/Wx: All versions
DS-2TD4xxx-xx/V2: All versions
DS-2TD62xx-xx/V2: All versions
DS-2TD81xx-xx/V2: All versions
DS-76xxNI-K1xx(C): All versions
DS-76xxNI-Qxx(C): All versions
DS-HiLookI-NVR-1xxMHxx-C(C): All versions
DS-HiLookI-NVR-2xxMHxx-C(C): All versions
DS-HiWatchI-HWN-41xxMHxx(C): All versions
DS-HiWatchI-HWN-42xxMHxx(C): All versions
DS-71xxNI-Q1xx(C): All versions
DS-HiLookI-NVR-1xxMHxx-D(C): All versions
DS-HiLookI-NVR-1xxHxx-D(C): All versions
DS-HiWatchI-HWN-21xxMHxx(C): All versions
DS-HiWatchI-HWN-21xxHxx(C): All versions
DS-2CD1x23G0: All versions
DS-2CD2xx1G0: All versions
DS-2CD2xx1G1: All versions
DS-2CD2x27G1: All versions
DS-2CD2x27G3E: All versions
DS-2CD4xx6FWD (Non-ANPR): All versions
DS-2CD4xx5G0: All versions
DS-2XE6xx5G0: All versions
DS-2XE6xx2F: All versions
DS-2XM6xx2FWD: All versions
DS-2XM6xx2G0: All versions
(i)DS-2DExxxx: All versions
External links
http://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
http://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.