Hikvision.Product.SDK.WebLanguage.Tag.Command.Injection

Description

This indicates an attack attempt to exploit a Command Injection vulnerability in the web server of Hikvision product.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application.

Outbreak Alert

Due to the insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending crafted messages with malicious commands.

View the full Outbreak Alert Report

Joint Cybersecurity Advisory (CSA) has released the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by Peoples Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). Previously, FortiGuard labs has already published various Outbreaks Alerts included in the released CISA's advisory such as: Apache Log4j, Hikvision Webserver Vulnerability, Atlassian Confluence OGNL RCE Vulnerability, Microsoft Exchange Server RCE Vulnerabilities etc. See the full list at: https://www.fortiguard.com/outbreak-alert Links to dedicated reports on each published outbreak by FortiGuard Labs are added to Additional Resources section below.

View the full Outbreak Alert Report

Affected Products

DS-2CVxxx1,DS-2CVxxx6 Versions which Build time before 210625
HWI-xxxx Versions which Build time before 210625
IPC-xxxx Versions which Build time before 210625
DS-2CD1xx1,DS-2CD1x23G0,DS-2CD1x23G0E(C),DS-2CD1x43(B),DS-2CD1x43(C),DS-2CD1x43G0E,DS-2CD1x53(B),DS-2CD1x53(C),DS-2CD1xx7G0 Versions which Build time before 210625
DS-2CD2xx6G2,DS-2CD2xx6G2(C),DS-2CD2xx7G2,DS-2CD2xx7G2(C),DS-2CD2x21G0,DS-2CD2x21G0(C) Versions which Build time before 210625
DS-2CD2x21G1,DS-2CD2x21G1(C),DS-2CD2xx3G2,DS-2CD3xx6G2,DS-2CD3xx6G2(C),DS-2CD3xx7G2,DS-2CD3xx7G2(C) Versions which Build time before 210625
DS-2CD3xx7G0E,DS-2CD3x21G0,DS-2CD3x21G0(C),DS-2CD3x51G0(C),DS-2CD3xx3G2,DS-2CD4xx0,DS-2CD4xx6 Versions which Build time before 210625
iDS-2XM6810,iDS-2CD6810,DS-2XE62x2F(D),DS-2XC66x5G0,DS-2XE64x2F(B),DS-2CD8Cx6G0 Versions which Build time before 210625
(i)DS-2DExxxx,(i)DS-2PTxxxx,(i)DS-2SE7xxxx Versions which Build time before 210625
DS-2DYHxxxx,DS-2DY9xxxx Versions which Build time before 210625
PTZ-Nxxxx,HWP-Nxxxx Versions which Build time before 210625
DS-2DF5xxxx~DS-2DF9xxxx Versions which Build time before 210625
iDS-2PT9xxxx,iDS-2SK7xxxx,iDS-2SK8xxxx,iDS-2SR8xxxx,iDS-2VSxxxx Versions which Build time before 210625
DS-2TBxxx,DS-Bxxxx,DS-2TDxxxxB Versions which Build time before 210702
DS-2TD1xxx-xx,DS-2TD2xxx-xx Versions which Build time before 210702
DS-2TD41xx-xx/Wx,DS-2TD62xx-xx/Wx,DS-2TD81xx-xx/Wx,DS-2TD4xxx-xx/V2,DS-2TD62xx-xx/V2,DS-2TD81xx-xx/V2 Versions which Build time before 210702
DS-76xxNI-K1xx(C),DS-76xxNI-Qxx(C),DS-HiLookI-NVR-1xxMHxx-C(C),DS-HiLookI-NVR-2xxMHxx-C(C),DS-HiWatchI-HWN-41xxMHxx(C),DS-HiWatchI-HWN-42xxMHxx(C) V4.30.210 Build201224 - V4.31.000 Build210511
DS-71xxNI-Q1xx(C),DS-HiLookI-NVR-1xxMHxx-D(C),DS-HiLookI-NVR-1xxHxx-D(C),DS-HiWatchI-HWN-21xxMHxx(C),DS-HiWatchI-HWN-21xxHxx(C) V4.30.300 Build210221 - V4.31.100 Build210511

Impact

System Compromise: Remote attackers can execute arbitrary code in the context of the affected application.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/

CVE References