Create Command_Execution_Vulnerability_in_Hikvision_Operations_Management_Center.md

add Command Execution Vulnerability in Hikvision Operations Management Center
2025-05-05 10:16:59 +00:00 · 2023-07-21 18:01:52 +08:00 · 2023-07-21 18:01:52 +08:00 · 1373ef86c1
commit 1373ef86c1
parent 753b72f216
1 changed files with 12 additions and 0 deletions
--- a/Command_Execution_Vulnerability_in_Hikvision_Operations_Management_Center.md
+++ b/Command_Execution_Vulnerability_in_Hikvision_Operations_Management_Center.md
@ -0,0 +1,12 @@
+## Command Execution Vulnerability in Hikvision Operations Management Center
+
+|   **Vulnerability**  | **Command Execution Vulnerability in Hikvision Operations Management Center**  |
+| :----:   | :-----|
+| **Chinese name**  | 海康运行管理中心命令执行漏洞 |
+| **CVSS core**  | 9.6 |
+| **FOFA Query**  (click to view the results directly)| [header="X-Content-Type-Options: nosniff" && body="\<h1>Welcome to OpenResty!\</h1>" && header="X-Xss-Protection: 1; mode=block"](https://en.fofa.info/result?qbase64=aGVhZGVyPSJYLUNvbnRlbnQtVHlwZS1PcHRpb25zOiBub3NuaWZmIiAmJiBib2R5PSI8aDE%2BV2VsY29tZSB0byBPcGVuUmVzdHkhPC9oMT4iICYmIGhlYWRlcj0iWC1Yc3MtUHJvdGVjdGlvbjogMTsgbW9kZT1ibG9jayI%3D) |
+| **Number of assets affected**  | 5905 |
+| **Description**  | Hikvision is a video-centric provider of intelligent IoT solutions and big data services. A command execution vulnerability exists in the operation and management center system of Hangzhou Hikvision Digital Technology Co. An attacker could use the vulnerability to gain server privileges. |
+| **Impact** | The latest version has fixed the vulnerability, upgrade the system version to the latest version :https://www.hikvision.com/cn/19th-asian-games/isecure-center/?q=%E6%B5%B7%E5%BA%B7%E5%9F%9F%E8%A7%81%E7%BB%BC%E5%90%88%E5%AE%89%E9%98%B2%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0 |
+
+![](https://s3.bmp.ovh/imgs/2023/07/21/9e8983187d4816a8.gif)