GobyVuls/Command_Execution_Vulnerability_in_Hikvision_Operations_Management_Center.md at master

mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-05 10:16:59 +00:00

add Command Execution Vulnerability in Hikvision Operations Management Center

2023-07-21 18:01:52 +08:00

Command Execution Vulnerability in Hikvision Operations Management Center

Vulnerability	Command Execution Vulnerability in Hikvision Operations Management Center
Chinese name	海康运行管理中心命令执行漏洞
CVSS core	9.6
FOFA Query (click to view the results directly)	header="X-Content-Type-Options: nosniff" && body="<h1>Welcome to OpenResty!</h1>" && header="X-Xss-Protection: 1; mode=block"
Number of assets affected	5905
Description	Hikvision is a video-centric provider of intelligent IoT solutions and big data services. A command execution vulnerability exists in the operation and management center system of Hangzhou Hikvision Digital Technology Co. An attacker could use the vulnerability to gain server privileges.
Impact	The latest version has fixed the vulnerability, upgrade the system version to the latest version :https://www.hikvision.com/cn/19th-asian-games/isecure-center/?q=%E6%B5%B7%E5%BA%B7%E5%9F%9F%E8%A7%81%E7%BB%BC%E5%90%88%E5%AE%89%E9%98%B2%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0