CVE-2017-7921 PoC — 多款Hikvision产品安全漏洞

Source

https://github.com/yousouf-Tasfin/cve-2017-7921-Mass-Exploit

Associated Vulnerability

Title:多款Hikvision产品安全漏洞 (CVE-2017-7921)
Description:An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

Readme

# cve-2017-7921-Mass-Exploit

# Mass Config Download
python3 download.py -i ip -s -v

# Mass Snapshot Taker
python3 snapshot.py -i ip -s -v

# Config Decrypt
python3 decrypt.py file-name

# Default port is 80 
# Change port in both code download.py , snapshot.py

# file contain only ip

# Fofa Dork 
"App-webs" && server=="App-webs/" && port="80" && country="US" && icon_hash="999357577"

File Snapshot


 [4.0K]  /data/pocs/d82359a1b0711d4dd4a6e91c29fdc82144998e94
├── [868K]  23.240.208.13
├── [1.2K]  decrypt.py
├── [2.3K]  download.py
├── [ 41K]  ip
├── [ 391]  README.md
└── [2.4K]  snapshot.py

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!