Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-7921 PoC — 多款Hikvision产品安全漏洞

Source
https://github.com/kooroshsanaei/HikVision-CVE-2017-7921
Associated Vulnerability
Title:多款Hikvision产品安全漏洞 (CVE-2017-7921)
Description:An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
Description
 Test For CVE-2017–7921;
Readme
# HikVision-CVE-2017-7921
**Identify potential vulnerabilities with CVE-2017-7921 exploit checks or by testing the /onvif-http/snapshot?auth=YWRtaW46MTEK URI on target IP addresses using a multi-threaded approach for faster results.** 

# Requirements
```
python3
Python Pacakges => requests, Fake_useragent, colorama
```
# Installation 
> You can just install the dependencies using pip: pip install -r requirements.txt
> If you prefer to manually install the required packages, you can use the `pip install` command followed by the package names listed in `requirements.txt`.

> [!TIP]
> Ensure Python 3 is installed and added to your system path.

## Linux 
```
cd /HikVision-CVE-2017-7921 
pip3 install -r requirements.txt
Add ips to targets.txt and then
python3 main.py
Then Check; vulnerable.txt
```

### ScreenShot Of The Tool
![ScreenShot Of The Tool](https://s21.uupload.ir/files/zirzamincybery/Vulnerable_camera.PNG)

## Features And Issues
>Report any problems you find or suggest features you'd like to see.
>Telegram : @uz3er
>Telegram Channel: @undergroundcy
File Snapshot

 [4.0K]  /data/pocs/50b9db261522b5753669fb905a25b5f69fece2b2
├── [1.6K]  main.py
├── [1.0K]  README.md
├── [  34]  requirements.txt
├── [ 44K]  targets.txt
└── [   0]  vulnerable.txt

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →