## Hikvision iSecure Center springboot Information disclosure vulnerability
| **Vulnerability** | **Hikvision iSecure Center springboot Information disclosure vulnerability** |
| :----: | :-----|
| **Chinese name** | 海康综合安防管理平台系统 springboot 信息泄露漏洞 |
| **CVSS score** | 7.5 |
| **FOFA Query** (click to view the results directly)| [title=\"综合安防管理平台\" && body=\"nginxService/v1/download/InstallRootCert.exe\"](https://en.fofa.info/result?qbase64=dGl0bGU9Iue7vOWQiOWuiemYsueuoeeQhuW5s%2BWPsCIgJiYgYm9keT0ibmdpbnhTZXJ2aWNlL3YxL2Rvd25sb2FkL0luc3RhbGxSb290Q2VydC5leGUi) |
| **Number of assets affected** | 3095 |
| **Description** | Hikvision iSecure Center is an integrated management platform that centrally manages connected video monitoring points for unified deployment, configuration, management and scheduling. The framework it uses has a Spring Boot information disclosure vulnerability. An attacker can access the exposed route to obtain information such as environment variables, intranet addresses, and user names in the configuration. |
| **Impact** | Hikvision iSecure Center has a Spring Boot information disclosure vulnerability. An attacker can access and download the heap dump (heapdump) to obtain sensitive information such as intranet account passwords. |

![](https://s3.bmp.ovh/imgs/2023/04/13/47c0acd2094e7191.gif)
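
For defenders checking whether the exposure described above has been reached on their own deployment, the following is an added example (not part of the GobyVuls entry or any Hikvision code) that scans web access logs for requests to the Spring Boot Actuator `env` and `heapdump` endpoints. It assumes combined-format access logs; the `/app` URL prefix, the IP addresses and the log lines are constructed, since the entry does not state the product-specific route.

```python
import re
from urllib.parse import unquote, urlsplit

# Spring Boot Actuator endpoint names matching what the entry describes:
# "env" (environment variables, configuration) and "heapdump" (heap download).
# Assumption: the product's URL prefix is unknown, so matching is on path segments.
SENSITIVE = {"env", "heapdump"}

# Combined log format: ip - user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges, hypothetical "/app" prefix).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Apr/2023:10:01:02 +0000] "GET /app/env HTTP/1.1" 200 18342 "-" "-"',
    '198.51.100.7 - - [13/Apr/2023:10:01:09 +0000] "GET /app/heapdump HTTP/1.1" 200 73400320 "-" "-"',
    '192.0.2.15 - - [13/Apr/2023:10:02:00 +0000] "GET /app/login HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [13/Apr/2023:10:03:00 +0000] "GET /app/actuator/heapdump HTTP/1.1" 403 153 "-" "-"',
]

def actuator_endpoint(target):
    """Return the sensitive endpoint name a request target hits, or None."""
    path = unquote(urlsplit(target).path).lower()
    # Drop empty segments and matrix parameters such as ";x=y".
    segments = [s.split(";")[0] for s in path.split("/") if s]
    if not segments:
        return None
    last = segments[-1].split(".")[0]  # tolerate suffixes such as ".json"
    if last in SENSITIVE:
        return last
    # Single-property lookups of the form .../env/<property.name>
    if len(segments) >= 2 and segments[-2] == "env":
        return "env"
    return None

def find_exposures(lines):
    """List requests to sensitive endpoints; 'served' means the server answered 200."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        endpoint = actuator_endpoint(m["target"]) if m else None
        if endpoint is None:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        findings.append({"ip": m["ip"], "endpoint": endpoint,
                         "served": m["status"] == "200", "bytes": size})
    return findings
```

Any finding with `served` set to true means the endpoint returned data to that client, so credentials and keys present in the configuration or in process memory at that time should be treated as disclosed and rotated.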