漏洞描述
HIKVISION 流媒体管理服务器 downFile.php的参数未经任何过滤,可以任意下载敏感文件
HIKVISION 流媒体管理服务器 后台任意读取
PoC代码
暂无相关漏洞推荐
- hikvision-center-fastjson-rce: 海康威视综合安防-运行管理中心-Fastjson-远程命令执行漏洞
- hikvision-files-upload: Hikvision Files Upload
- spon-ip-intercom-ping-rce: Hikvision SPON IP网络对讲广播系统存在命令执行漏洞
- POC CVE-2017-7921: Hikvision - Authentication Bypass
- POC CVE-2021-36260: Hikvision IP camera/NVR - Remote Command Execution
- POC CVE-2023-6895: Hikvision IP ping.php - Command Execution
- POC CVE-2017-7921: Hikvision CVE-2017-7921
- POC CVE-2021-36260: Hikvision IP camera/NVR - Unauthenticated RCE
- POC hikvision-intercom-service-default-password: Hikvision Intercom Service Default Password
- POC hikvision-anfang-files-fileupload: HiKVISION 综合安防管理平台 files 任意文件上传
- POC hikvision-anfang-report-fileupload-2: HiKVISION 综合安防管理平台 report 任意文件上传
- POC hikvision-anfang-report-fileupload: HiKVISION 综合安防管理平台 report 任意文件上传
- POC hikvision-gateway-data-file-read: HIKVISION 视频编码设备接入网关 $DATA 任意文件读取