关键信息 漏洞概述 EDB-ID: 39865 CVE: N/A Author: 41020 Type: Exploit Platform: Hardware Date: 2015-10-22 Vulnerable App: Multiple CCTV-DVR Vendors 影响的厂商和产品 Axis Communications AB Arecont Vision Corporation Avigilon Corporation Bosch Security Systems, Inc. Canon U.S.A., Inc. Cisco Systems, Inc. Computar America Corp. Digital Watchdog Corporation Dynacolor Corporation ELMO CO., LTD. EverFocus Electronics Corporation FLIR Systems, Inc. Fuji Xerox Co., Ltd. Geovision, Inc. Hanwha Techwin America Hikvision Digital Technology Co., Ltd. Honeywell International Inc. IDIS Company, Ltd. IQinVision, Inc. JVC Americas Corp. Lenco Electronics, Inc. Luxul Security Products, Inc. March Networks Corporation Mobotix AG Motorola Solutions, Inc. Panasonic Corporation of North America Pelco by Schneider Electric QSee Corporation Samsung Techwin America Sony Electronics Inc. Speco Technologies, Inc. Tantos Corporation Uniview Corporation Verint Systems Inc. Videotec Group S.p.A. Vivotek Inc. Wisenet America, Inc. 漏洞描述 该漏洞允许远程代码执行,影响多个CCTV-DVR厂商的产品。 利用代码 截图中包含Python脚本,用于检测目标是否易受攻击并尝试利用漏洞。脚本通过发送特定请求来检查目标设备是否存在漏洞,并在确认后执行进一步的攻击操作。