CVE-2021-36260

CVE Published 2021-09-22
Related CWE(s) CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Related Vendor(s) hikvision
Related Product(s) ds-2cd3126g2-is_firmware, ds-2df8a442ixs-ael\(t5\)_firmware, ds-7104ni-q1\/4p\/m_firmware, ds-2td6267-100c4l\/wy_firmware, ds-2td8167-230zg2f\/wy_firmware, ds-2df8a442ixs-aely\(t5\)_firmware, ds-2cd2123g2-i\(s\)_firmware, ds-2cd2147g2-l\(su\)_firmware, ds-2cd3743g2-izs_firmware, ds-2cd2346g2-isu\/sl_firmware, ptz-n5225i-a_firmware, ds-2cd3323g2-iu_firmware, ds-7104ni-q1\/4p_firmware, ds-2cd3547g2-ls_firmware, ds-2td1217b-6\/pa_firmware, ds-2cd2446g2-i_firmware, ds-2cd3656g2-izs_firmware, ds-2cd3056g2iu\/sl_firmware, ds-2cd2583g2-i\(s\)_firmware, ds-2xe6422fwd-izhrs_firmware, ids-2vs435-f840-ey\(t3\)_firmware, ds-2cd3386g2-is\(u\)_firmware, ds-7108ni-q1\/8p_firmware, ds-7604ni-q1\/4p_firmware, ds-2cd3643g2-izs_firmware, ds-2cd2621g0-i\(z\)\(s\)_firmware, ds-2cd3563g2-is_firmware, ds-2cd3363g2-iu_firmware, ds-2td4166t-9_firmware, ds-2cd3156g2-is\(u\)_firmware, ds-2td8166-180ze2f\/v2_firmware, ds-2cd2563g2-i\(s\)_firmware, ds-2dy9236i8x-a_firmware, ds-2cd2527g2-ls_firmware, ds-2td8166-100c2f\/v2_firmware, ds-2cd3026g2-is_firmware, ds-2cd3386g2-is_firmware, ds-2cd2426g2-i_firmware, ds-2td4167-25\/w_firmware, ds-2df6a825x-ael_firmware, ds-2cd3556g2-is_firmware, ds-2df6a436x-ael\(t5\)_firmware, ds-2cd2566g2-i\(s\)_firmware, ds-2cd2543g2-i\(ws\)_firmware, ds-2cd2526g2-is_firmware, ds-2cd3343g2-iu_firmware, ds-2cd2643g2-izs_firmware, ds-2df8225ih-ael_firmware, ds-2cd3063g2-iu_firmware, ds-2df8242i5x-aelw\(t5\)_firmware, ds-2cd2121g1_firmware, ds-2cd2721g0-i\(z\)\(s\)_firmware, ids-2sk8144ixs-d\/j_firmware, ds-2cd2083g2-i\(u\)_firmware, ds-2cd2387g2-l\(u\)_firmware, ds-2df5225x-ael\(t3\)_firmware, ds-2dy9236i8x-a\(t3\)_firmware, ds-2cd2323g2-i\(u\)_firmware, ds-7616ni-q2\/16p_firmware, ds-2td6267-75c4l\/w_firmware, ds-2xe6482f-izhrs_firmware, ds-760ni-k1\/4p_firmware, ptz-n4215i-de_firmware, ds-2cd2183g2-i\(s\)_firmware, ds-2td6267-75c4l\/wy_firmware, ds-2df8a442ixs-ael\(t2\)_firmware, ds-2td1117-6\/pa_firmware, ds-2td8167-230zg2f\/w_firmware, 
ds-2cd2183g2-iu_firmware, ds-2cd2663g2-izs_firmware, ds-2df8225ix-aelw\(t5\)_firmware, ds-2cd3356g2-isu\/sl_firmware, ds-2td4137-25\/w_firmware, ds-2cd2027g2-lu\/sl_firmware, ds-2df7225ix-ael\(t3\)_firmware, ds-2cd2163g2-iu_firmware, ds-2cd2723g2-izs_firmware, ds-7608ni-k1\/4g_firmware, ds-2cd2347g2-lsu\/sl_firmware, ds-2cd2063g2-i\(u\)_firmware, ds-2cd2547g2-lzs_firmware, ds-2df8425ix-aelw\(t5\)_firmware, ds-2cd2526g2-i\(s\)_firmware, ds-2cd3186g2-is\(u\)_firmware, ds-2cd2086g2-i\(u\)_firmware, ds-2df8442ixs-aelw\(t2\)_firmware, ds-2df8442ixs-aely\(t5\)_firmware, ds-2td8167-150zc4f\/w_firmware, ds-7604ni-k1_firmware, ds-2cd3043g2-iu_firmware, ds-7608ni-q1_firmware, ds-2cd2386g2-isu\/sl_firmware, ds-2td6236t-50h2l_firmware, ds-2cd2026g2-iu\/sl_firmware, ds-2cd2326g2-isu\/sl_firmware, ds-2cd2047g2-l\(u\)_firmware, ds-2cd3026g2-iu\/sl_firmware, ds-2cd3126g2-is\(u\)_firmware, ds-2df8225ix-aelw\(t3\)_firmware, ds-2cd3786g2-izs_firmware, ds-2xe6242f-is\/316l\(b\)_firmware, ds-2td8167-190ze2f\/w_firmware, ds-2df8425ix-aelw\(t3\)_firmware, ds-2cd2123g2-iu_firmware, ds-2cd3056g2-is_firmware, ds-2cd2783g2-izs_firmware, ptz-n4225i-de_firmware, ds-2cd3726g2-izs_firmware, ds-7608ni-k1_firmware, ds-2td6237-50h4l\/w_firmware, ds-2df8242i5x-aelw\(t3\)_firmware, ds-2dy9236x-a\(t3\)_firmware, ds-2cd3023g2-iu_firmware, ds-2df8a442nxs-ael\(t5\)_firmware, ds-2cd2786g2-izs_firmware, ids-2vs435-f840-ey_firmware, ds-2cd3047g2-ls_firmware, ds-2cd3356g2-is_firmware, ds-2cd2343g2-i\(u\)_firmware, ds-2td4137-50\/w_firmware, ds-2td6266t-50h2l_firmware, ds-2df8225ix-ael\(t5\)_firmware, ds-2df8236i5x-aelw_firmware, ds-2cd2686g2-izs_firmware, ds-2df7232ix-ael\(t3\)_firmware, ds-2cd2547g2-ls_firmware, ds-2cd2121g0-i\(w\)\(s\)_firmware, ds-2cd3356g2-is\(u\)_firmware, ds-2cd3626g2-izs_firmware, ds-2td1117-2\/pa_firmware, ds-2df8242i5x-ael\(t3\)_firmware, ds-2cd2546g2-i\(s\)_firmware, ds-2df6a836x-ael\(t5\)_firmware, ds-2cd2121g1-idw_firmware, ds-2df8242ix-aelw\(t3\)_firmware, 
ds-7608ni-k1\/8p_firmware, ds-2df8442ixs-aelwy\(t5\)_firmware, ds-2cd2186g2-i\(su\)_firmware, ds-2cd2086g2-iu\/sl_firmware, ds-2td1117-3\/pa_firmware, ds-2cd3586g2-is_firmware, ds-2dy9240ix-a\(t5\)_firmware, ds-2cd2321g0-i\/nf_firmware, ds-2cd2623g2-izs_firmware, ds-2cd2766g2-izs_firmware, ds-2cd3086g2-is_firmware, ds-2df6a436x-ael\(t3\)_firmware, ds-2cd2027g2-l\(u\)_firmware, ds-2df8242ix-aely\(t3\)_firmware, ids-2pt9a144mxs-d\/t2_firmware, ptz-n2204i-de3_firmware, ds-2df8442ixs-ael\(t5\)_firmware, ptz-n4215-de3_firmware, ds-2df8a842ixs-ael\(t5\)_firmware, ds-2cd3663g2-izs_firmware, ds-2cd2386g2-i\(u\)_firmware, ds-2cd2127g2-\(-su\)_firmware, ds-7616ni-q2_firmware, ds-2cd2186g2-isu_firmware, ds-2cd2046g2-iu\/sl_firmware, ds-2df5232x-ae3\)t3\)_firmware, ds-2cd2366g2-isu\/sl_firmware, ds-2cd3156g2-is_firmware, ds-2dyh2a0ixs-d\(t2\)_firmware, ds-7104ni-q1_firmware, ds-2cd2383g2-i\(u\)_firmware, ds-2cd2066g2-iu\/sl_firmware, ds-2cd2366g2-i\(u\)_firmware, ds-2cd3347g2-ls\(u\)_firmware, ds-2cd2021g1-i\(w\)_firmware, ds-7604ni-q1_firmware, ds-2cd3756g2-izs_firmware, ds-2df6a436x-aely\(t5\)_firmware, ds-7108ni-q1\/8p\/m_firmware, ds-2df8225ih-ael\(w\)_firmware, ds-7604ni-k1\/4p\/4g_firmware, ds-2df6a425x-ael\(t3\)_firmware, ds-2df8442ixs-aelw\(t5\)_firmware, ds-2df5225x-ae3\(t3\)_firmware, ds-2cd2143g2-i\(s\)_firmware, ds-2td4136t-9_firmware, ds-2cd2066g2-i\(u\)_firmware, ds-2cd2743g2-izs_firmware, ds-2cd2327g2-l\(u\)_firmware, ds-2cd3056g2-iu\/sl_firmware, ds-7108ni-q1_firmware, ds-2cd2023g2-i\(u\)_firmware, ds-2cd2183g2-i\(u\)_firmware, ds-2df8250i8x-ael\(t3\)_firmware, ds-2cd2666g2-izsu\/sl_firmware, ds-2cd2143g2-iu_firmware, ds-2cd2646g2-izsu\/sl_firmware, ds-2cd3163g2-i\(s\)u_firmware, ds-7608ni-q2\/8p_firmware, ds-2df5232x-ael\(t3\)_firmware, ds-2df6a236x-ael\(t3\)_firmware, ds-2df6a225x-ael\)t3\)_firmware, ds-2td1217b-3\/pa_firmware, ds-2cd3143g2-i\(s\)u_firmware, ds-2td6267-100c4l\/w_firmware, ds-2td6267-50h4l\/w_firmware, ds-2cd2763g2-izs_firmware, 
ptz-n2404i-de3_firmware, ids-2sk718mxs-d_firmware, ds-2cd2666g2-izs_firmware, ds-2cd3326g2-isu\/sl_firmware, ds-2df8425ix-ael\(t5\)_firmware, ds-2cd2626g2-izsu\/sl_firmware, ds-2cd2421g0-i\(d\)w_firmware, ds-2cd2523g2-i\(s\)_firmware, ds-2cd2421g0-i\(d\)\(w\)_firmware, ds-2cd3623g2-izs_firmware, ds-2df8436i5x-aelw\(t3\)_firmware, ds-2xe6452f-izh\(r\)s_firmware, ds-2cd2586g2-i\(s\)_firmware, ds-2td8166-150zh2f\/v2_firmware, ds-2cd2683g2-izs_firmware, ds-2cd3763g2-izs_firmware, ds-2df7232ix-aelw\(t3\)_firmware, ds-2cd2363g2-i\(u\)_firmware, ds-2td6237-75c4l\/w_firmware, ds-2cd3543g2-is_firmware, ds-2cd2686g2-izsu\/sl_firmware, ds-2cd2523g2-i\(u\)_firmware, ds-2dy92500x-a\(t5\)_firmware, ds-2df8242ix-ael\(t5\)_firmware, ds-7108ni-q1\/m_firmware, ds-2cd2121g1-i\(w\)_firmware, ds-2cd2087g2-l\(u\)_firmware, ds-2td8166-75c2f\/v2_firmware, ds-2cd2166g2-i\(su\)_firmware, ds-2df8425ix-ael\(t3\)_firmware, ds-2cd2043g2-i\(u\)_firmware, ds-2cd3686g2-izs_firmware, ds-7608ni-q1\/8p_firmware, ds-7616ni-k1_firmware, ds-2cd2347g2-l\(u\)_firmware, ds-2td8167-190ze2f\/wy_firmware, ds-2df8a442ixs-af\/sp\(t5\)_firmware, ds-2cd3723g2-izs_firmware, ds-7104ni-q1\/m_firmware, ds-7608ni-k1\/8p\/4g_firmware, ds-2df7225ix-aelw\(t3\)_firmware, ds-7608ni-q2_firmware, ds-2xe6442f-izhrs\(b\)_firmware, ds-2td6266t-25h2l_firmware, ds-2cd2163g2-i\(s\)_firmware, ds-2df8225ix-ael\(t3\)_firmware, ds-2dy9250izs-a\(t5\)_firmware, ds-2td8166-150ze2f\/v2_firmware, ds-2cd3123g2-i\(s\)u_firmware, ds-2dy9236ix-a\(t3\)_firmware, ds-2cd3523g2-is_firmware, ds-7616ni-q1_firmware, ds-2cd3526g2-is_firmware, ds-2td4167-50\/w_firmware
Exploitation Reported (CISA KEV) 2022-01-10
CVSS 3 Base Score 9.8 (CRITICAL)
CVSS 3 Attack Complexity LOW
CVSS 3 Attack Vector NETWORK

A command injection vulnerability exists in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
