Hikvision Remote Code Execution / XSS / SQL Injection
Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross-site scripting, Ruby code injection, and classic and blind SQL injection resulting in remote code execution, which allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage these vulnerabilities to execute arbitrary commands.
https://packetstormsecurity.com/files/170818/hikvision-execxsssql.txt
Tue, 31 Jan 2023 17:17:22 GMT