GobyVuls/Hikvision_iSecure_Center_springboot_Information_disclosure_vulnerability.md at 66d780b5ad36623f0f9c6385fac5be03ae5d15b8 - GobyVuls - 临风笛

admin/GobyVuls

mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 02:31:35 +00:00

之乎者也 30080e6409

Create Hikvision_iSecure_Center_springboot_Information_disclosure_vulnerability.md

2023-04-13 15:42:22 +08:00

1.4 KiB

Raw Blame History

Hikvision iSecure Center springboot Information disclosure vulnerability

Vulnerability	Hikvision iSecure Center springboot Information disclosure vulnerability
Chinese name	海康综合安防管理平台系统 springboot 信息泄露漏洞
CVSS core	7.5
FOFA Query (click to view the results directly)	title="综合安防管理平台" && body="nginxService/v1/download/InstallRootCert.exe"
Number of assets affected	3095
Description	Hikvision iSecure Center is an integrated management platform, which can centrally manage the access video monitoring points to achieve unified deployment, configuration, management and scheduling. the framework it uses has a spring boot information disclosure vulnerability. An attacker can access the exposed route to obtain information such as environment variables, intranet addresses, and user names in the configuration.
Impact	Hikvision iSecure Center is a spring boot information disclosure vulnerability. An attacker can access and download the heapdump heap to obtain sensitive information such as the intranet account password.