Command Injection Vulnerability in Some Hikvision products [CVE-2021-36260]
CVE number = CVE-2021-36260
There is A command injection vulnerability in the web server of some Hikvision products. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
Users should download the updated firmware to guard against this potential vulnerability. It is available on the Hikvision official website: Firmware download
Affected versions and resolved version:
Information of affected versions and resolved versions:
| Product name | Affected version(s) |
| DS-2CVxxx1 DS-2CVxxx6 | Versions which Build time before 210625 |
| HWI-xxxx | |
| IPC-xxxx | |
| DS-2CD1xx1 | |
| DS-2CD1x23G0DS-2CD1x23G0E(C) DS-2CD1x43(B) DS-2CD1x43(C) DS-2CD1x43G0E DS-2CD1x53(B) DS-2CD1x53(C) | |
| DS-2CD1xx7G0 | |
| DS-2CD2xx6G2DS-2CD2xx6G2(C)DS-2CD2xx7G2DS-2CD2xx7G2(C) | |
| DS-2CD2x21G0DS-2CD2x21G0(C)DS-2CD2x21G1DS-2CD2x21G1(C) | |
| DS-2CD2xx3G2 | |
| DS-2CD3xx6G2DS-2CD3xx6G2(C) DS-2CD3xx7G2 DS-2CD3xx7G2(C) | |
| DS-2CD3xx7G0E | |
| DS-2CD3x21G0DS-2CD3x21G0(C) DS-2CD3x51G0(C) | |
| DS-2CD3xx3G2 | |
| DS-2CD4xx0 DS-2CD4xx6 iDS-2XM6810 iDS-2CD6810 | |
| DS-2XE62x2F(D) DS-2XC66x5G0 DS-2XE64x2F(B) | |
| DS-2CD8Cx6G0 | |
| (i)DS-2DExxxx | |
| (i)DS-2PTxxxx | |
| (i)DS-2SE7xxxx | |
| DS-2DYHxxxx | |
| DS-2DY9xxxx | |
| PTZ-Nxxxx | |
| HWP-Nxxxx | |
| DS-2DF5xxxx DS-2DF6xxxx DS-2DF6xxxx-Cx DS-2DF7xxxx DS-2DF8xxxx DS-2DF9xxxx | |
| iDS-2PT9xxxx | |
| iDS-2SK7xxxx iDS-2SK8xxxx | |
| iDS-2SR8xxxx | |
| iDS-2VSxxxx | |
| DS-2TBxxx DS-Bxxxx DS-2TDxxxxB | Versions which Build time before 210702 |
| DS-2TD1xxx-xx DS-2TD2xxx-xx | |
| DS-2TD41xx-xx/Wx DS-2TD62xx-xx/Wx DS-2TD81xx-xx/Wx DS-2TD4xxx-xx/V2 DS-2TD62xx-xx/V2 DS-2TD81xx-xx/V2 | |
| DS-76xxNI-K1xx(C) DS-76xxNI-Qxx(C) DS-HiLookI-NVR-1xxMHxx-C(C) DS-HiLookI-NVR-2xxMHxx-C(C) DS-HiWatchI-HWN-41xxMHxx(C) DS-HiWatchI-HWN-42xxMHxx(C) | V4.30.210 Build201224 – V4.31.000 Build210511 |
| DS-71xxNI-Q1xx(C) DS-HiLookI-NVR-1xxMHxx-D(C) DS-HiLookI-NVR-1xxHxx-D(C) DS-HiWatchI-HWN-21xxMHxx(C) DS-HiWatchI-HWN-21xxHxx(C) | V4.30.300 Build210221 – V4.31.100 Build210511 |
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.