
Hikvision IP Cameras Command Injection Vulnerability

Released: Aug 26, 2022

Updated: Aug 31, 2022


Severity: Medium

Platform: IoT

Vendor: Hikvision

Attack Type: Vulnerability

A command injection vulnerability in the web server of some Hikvision products.

Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending crafted messages containing malicious commands.

Common Vulnerabilities and Exposures

CVE-2021-36260

Background

Hikvision is a leading provider of IoT sensor technologies, such as IP cameras, used by the retail, energy, education and military sectors. In December 2021, Fortinet published a blog post describing this vulnerability and how attackers take advantage of it. For more information, refer to the additional resources.

Latest Development

Recent news and incidents related to cybersecurity threats, including data breaches, cyber-attacks, security incidents, and newly discovered vulnerabilities.


Sep 26, 2021: Security notification released by the vendor

Dec 06, 2021: Mirai-based Botnet - Moobot Targets Hikvision Vulnerability, Threat Analysis by Fortinet https://www.fortinet.com/blog/threat-research/mirai-based-botnet-moobot-targets-hikvision-vulnerability


Aug 26, 2022: Tens of thousands of Hikvision IP cameras are still vulnerable to a critical, 11-month-old CVE, leaving thousands of organizations exposed. Recent research shows multiple hacking groups collaborating on exploiting Hikvision IP cameras worldwide using the command injection vulnerability (CVE-2021-36260). FortiGuard Labs has seen active exploitation attempts since the release of the IPS signature in October 2021, with a significant uptick in the last few months.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
DETECT
RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.


Indicators of compromise