Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-7921 PoC — 多款Hikvision产品安全漏洞

Source
https://github.com/201646613/CVE-2017-7921
Associated Vulnerability
Title:多款Hikvision产品安全漏洞 (CVE-2017-7921)
Description:An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
Description
CVE-2017-7921-EXP Hikvision camera
Readme
# CVE-2017-7921
CVE-2017-7921-EXP Hikvision camera<hr>
<b>本工具主要面向于合法授权的渗透测试安全人员以及进行常规操作的网站管理员。
任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担并将追究其相关责任!</b>

<p>使用帮助</p>

--rhost 目标主机</br>
--rport 目标端口</br>
--level 测试等级:</br>
             --level   1 检测漏洞是否存在 </br>
             --level   2 获取监控管理源账号和密码 </br>
             --level   3 获取监控快照和管理员密码 </br>

<li>python3 CVE-2017-7921.py --rhost <target IP> --rport <target PORT>  基于单个目标  </li>
<li>python3 CVE-2017-7921.py --file <file>  基于IP:端口列表  </li>
File Snapshot

 [4.0K]  /data/pocs/8a7b919ce635bd19427a88125b56eb16d63ea916
├── [7.2K]  CVE-2017-7921.py
├── [1.3K]  decrypt_configurationFile.py
├── [   0]  fail.txt
├── [ 11K]  LICENSE
├── [  15]  list.txt
├── [ 756]  README.md
└── [   0]  succeed.txt

0 directories, 7 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →