[Threat Advisory] Hikvision Product Command Injection Vulnerability (CVE-2021-36260)
2021-09-22
I. Vulnerability Overview
Recently, bbin宝盈集团科技 CERT observed that Hikvision had published a security notice fixing a command injection vulnerability in the web module of some Hikvision products. Because input parameters are insufficiently validated, an unauthenticated attacker who sends a crafted message containing malicious commands to an affected device can achieve remote command execution.
Hikvision is a video-centric smart IoT solution and big-data service provider. Its business focuses on smart IoT, big-data services and smart business; it builds an open, cooperative ecosystem, serves users in the public service sector, enterprises and institutions, and small and medium-sized businesses, and aims to build smart cities and digital enterprises that integrate cloud and edge, physical and information systems, and data and intelligence.
Reference link:
http://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20210919
II. Affected Scope
1. Vulnerable network camera firmware

| Product type | Affected version |
| --- | --- |
| IPC_E0 | IPC_E0_CN_STD_5.4.6_180112 |
| IPC_E1 | Unknown |
| IPC_E2 | IPC_E2_EN_STD_5.5.52_180620 |
| IPC_E4 | Unknown |
| IPC_E6 | IPCK_E6_EN_STD_5.5.100_200226 |
| IPC_E7 | IPCK_E7_EN_STD_5.5.120_200604 |
| IPC_G3 | IPC_G3_EN_STD_5.5.160_210416 |
| IPC_G5 | IPC_G5_EN_STD_5.5.113_210317 |
| IPC_H1 | IPC_H1_EN_STD_5.4.61_181204 |
| IPC_H5 | IPCP_H5_EN_STD_5.5.85_201120 |
| IPC_H8 | Factory installed firmware mid 2021 |
| IPC_R2 | IPC_R2_EN_STD_V5.4.81_180203 |
2. Vulnerable PTZ camera firmware

| Product type | Affected version |
| --- | --- |
| IPD_E7 | IPDEX_E7_EN_STD_5.6.30_210526 |
| IPD_G3 | IPDES_G3_EN_STD_5.5.42_210106 |
| IPD_H5 | IPD_H5_EN_STD_5.5.41_200911 |
| IPD_H7 | IPD_H7_EN_STD_5.5.40_200721 |
| IPD_H8 | IPD_H8_EN_STD_5.7.1_210619 |
3. Vulnerable legacy firmware

| Product type | Affected version |
| --- | --- |
| IPC_R7 | 5.4.x |
| IPD_R7 | |
| IPC_G0 | |
| IPC_H3 | |
| IPD_H3 | |

4. OEM firmware
III. Mitigation
Hikvision has released new versions that fix this vulnerability. Affected users should update as soon as possible. Download link: http://www.hikvision.com/cn/support/CybersecurityCenter/SecurityNotices/20210919/
The affected product versions and fix download links are as follows:

| No. | Product name | Affected versions | Fix download |
| --- | --- | --- | --- |
| 1 | DS-2CVxxxx | Versions with a build date earlier than 210625 | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/01%EF%BC%9ADS-2CVxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 2 | DS-2CD1xxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/02%EF%BC%9ADS0-2CD1xxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 3 | IPCxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/03%EF%BC%9AIPCxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 4 | DS-IPC-Bxx, DS-IPC-Txx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/05%EF%BC%9ADS-IPC-Exx%E3%80%81Sxx%E3%80%81Axx%E3%80%81DS-2XDxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 5 | DS-IPC-Exx, DS-IPC-Sxx, DS-IPC-Axx, DS-2XDxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/05%EF%BC%9ADS-IPC-Exx%E3%80%81Sxx%E3%80%81Axx%E3%80%81DS-2XDxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 6 | DS-2CD2xxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/06%EF%BC%9ADS-2CD2xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 7 | DS-2CD3xxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/07%EF%BC%9ADS-2CD3xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 8 | (i)DS-2DCxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/08%EF%BC%9A(i)DS-2DCxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 9 | (i)DS-2DExxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/09%EF%BC%9A(i)DS-2DExxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 10 | (i)DS-2PTxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/10%EF%BC%9A(i)DS-2PTxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 11 | (i)DS-2SE7xxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/11%EF%BC%9A(i)DS-2SE7xxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 12 | DS-2DBxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/12%EF%BC%9ADS-2DBxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 13 | DS-2DYHxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/13%EF%BC%9ADS-2DYHxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 14 | DS-DY9xxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/14%EF%BC%9ADS-2DY9xxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 15 | iDS-2DY5Cxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/15%EF%BC%9AiDS-2DY5Cxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 16 | iDS-2DP9Cxxx-T4 | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/16%EF%BC%9AiDS-2DP9Cxxx-T4%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 17 | DS-2DY7xxx-CX(S5), DS-2DF6xxx-CX(S6), DS-2DF6Cxxx-CX(T2) | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/17%EF%BC%9ADS-2DY7xxx-CX%EF%BC%88S5%EF%BC%89%E3%80%812DF6xxx-CX%EF%BC%88S6%EF%BC%89%E3%80%812DF6Cxxx-CX%EF%BC%88T2%EF%BC%89%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 18 | iDS-2VY4xxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/18%EF%BC%9AiDS-2VY4xxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 19 | iDS-EGDxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/19%EF%BC%9AiDS-EGDxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 20 | DS-2CD4xxx, DS-2CD5xxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/20%EF%BC%9ADS-2CD4xxx%E3%80%815xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 21 | DS-2CD6xxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/21%EF%BC%9ADS-2CD6xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 22 | DS-2CD7xxx, DS-GPZxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/22%EF%BC%9ADS-2CD7xxx%E3%80%81DS-GPZxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 23 | DS-2CD8xxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/23%EF%BC%9ADS-2CD8xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 24 | DS-2XA8xxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/24%EF%BC%9ADS-2XA8xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 25 | DS-FCNxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/25%EF%BC%9ADS-FCNxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 26 | iDS-2XM/CD6xxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/26%EF%BC%9AiDS-2XM%E3%80%81CD6xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 27 | DS-2DF5xxxx, DS-2DF6xxxx, DS-2DF6xxxx-Cx, DS-2DF7xxxx, DS-2DF8xxxx, DS-2DF9xxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/27%EF%BC%9ADS-2DF5%E3%80%816%E3%80%817%E3%80%818%E3%80%819xxx%E7%B3%BB%E5%88%97%E3%80%81DS-2DF6xxx-CX%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 28 | iDS-2VPDxxxx, iDS-2DPxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/28%EF%BC%9AiDS-2VPDxxxx%E3%80%812DPxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 29 | iDS-2PT9xxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/29%EF%BC%9AiDS-2PT9xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 30 | iDS-2SK7xxxx, iDS-2SK8xxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/30%EF%BC%9AiDS-2SK7%E3%80%818xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 31 | iDS-2SR8xxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/31%EF%BC%9AiDS-SR8xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 32 | iDS-2VSxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/32%EF%BC%9AiDS-2VSxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 33 | iDS-2VTxxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/33%EF%BC%9AiDS-2VTxxxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 34 | iDS-GPZ2xxxx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/34%EF%BC%9AiDS-GPZ2xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 35 | DS-2XE62x7FWD(D), DS-2XE30x6FWD(B), DS-2XE60x6FWD(B), DS-2XE62x2F(D), DS-2XC66x5G0, DS-2XE64x2F(B) | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/35%EF%BC%9ADS-2XE%E3%80%81XC6xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 36 | KBA18(C)-83x6FWD | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/36%EF%BC%9AKBA18%EF%BC%88C%EF%BC%89-8xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 37 | DS-2TBxxx, DS-Bxxxx, DS-2TDxxxxB, TBC-12xxx, TBC-26xxx | Versions with a build date earlier than 210702 | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/37%EF%BC%9ADS-TBxxx%E3%80%81DS-Bxxxx%E3%80%81DS-2TDxxxxB%E3%80%81TBC-12xxx%E3%80%81TBC-26xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 38 | DS-2TD1xxx-xx, DS-2TD2xxx-xx | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/38%EF%BC%9ADS-TD1xxx%E3%80%81DS-2TD2xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 39 | DS-2TD51xx-xx/W/GLT, DS-2TD55xx-xx/W, DS-2TD65xx-xx/W | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/39%EF%BC%9ADS-2TD51xx-xx%E3%80%81DS-2TD55xx-xx%E3%80%81DS-2TD65XX-XX%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 40 | DS-2TD41xx-xx/Wxx, DS-2TD62xx-xx/Wxx, DS-2TD81xx-xx/Wxx, DS-2TD91xx-xx/W, DS-2TD4xxx-xx/V2, DS-2TD55xx-xx/V2, DS-2TD6xxx-xx/V2, DS-2TD81xx-xx/V2, DS-2TD91xx-xx/V2 | | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/40%EF%BC%9ADS-2TD41xx-xx%E3%80%81DS-TD62xx-xx%E3%80%81DS-2TD81xx-xx%E3%80%81DS-2TD91xx%E3%80%81DS-2TD4xxx%E3%80%81DS-2TD55xx%E3%80%81DS-TD6xxx%E7%B3%BB%E5%88%97%E5%8D%87%E7%BA%A7%E5%8C%85.zip |
| 41 | DS-76xxN-Exx, DS-78xxN-Kxx, DS-NVR-K1xx, DS-NVR-K2xx | V4.30.210 Build201224 - V4.31.000 Build210511 | http://hiknow-cn-s3.s3.cn-north-1.amazonaws.com.cn/41%EF%BC%9ADS-76xxN-Exxxxx%E3%80%81DS-78xxN-Kxxxxx%E3%80%81DS-NVR-K1xx%E3%80%81DS-NVR-K2xx.zip |
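As an added example (not part of the advisory and not Hikvision code), the following Python triages a device inventory against the thresholds the table above states: build date earlier than 210625 for the camera and PTZ rows, earlier than 210702 for the thermal rows 37-40, and the inclusive NVR range in row 41. The version-string formats are assumed from the strings shown on this page, the sample inventory is constructed, and a string that does not match either format is reported as unknown rather than guessed.

```python
import re
from datetime import date
# Thresholds from the advisory: camera/PTZ rows fixed from build 210625,
# thermal rows 37-40 from build 210702, NVR row 41 an inclusive range.
CAMERA_FIX_BUILD, THERMAL_FIX_BUILD = "210625", "210702"
NVR_AFFECTED_LOW, NVR_AFFECTED_HIGH = ((4, 30, 210), "201224"), ((4, 31, 0), "210511")
# Assumed formats, taken from strings on the page: camera "IPC_G3_EN_STD_5.5.160_210416"
# (trailing _YYMMDD) and NVR "V4.30.210 Build201224".
_CAM_RE = re.compile(r"_(\d{6})$")
_NVR_RE = re.compile(r"^V(\d+)\.(\d+)\.(\d+)\s*Build(\d{6})$", re.IGNORECASE)

def build_date(version):
    """Return the YYMMDD build date of a camera firmware string, else None."""
    m = _CAM_RE.search(version.strip())
    if not m:
        return None
    yymmdd = m.group(1)
    try:  # reject six-digit suffixes that are not real dates
        date(2000 + int(yymmdd[:2]), int(yymmdd[2:4]), int(yymmdd[4:]))
    except ValueError:
        return None
    return yymmdd

def camera_affected(version, fix_build=CAMERA_FIX_BUILD):
    """True if the build predates the fix, False if not, None if unparseable."""
    b = build_date(version)
    return None if b is None else b < fix_build  # zero-padded YYMMDD sorts as dates

def nvr_affected(version):
    """True if the NVR version lies inside the advisory's affected range."""
    m = _NVR_RE.match(version.strip())
    if not m:
        return None
    key = ((int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4))
    return NVR_AFFECTED_LOW <= key <= NVR_AFFECTED_HIGH

def triage(inventory):
    """Map (name, kind, version) rows to 'affected', 'not affected' or 'unknown'."""
    verdict = {True: "affected", False: "not affected", None: "unknown"}
    out = []
    for name, kind, version in inventory:
        fix = THERMAL_FIX_BUILD if kind == "thermal" else CAMERA_FIX_BUILD
        res = nvr_affected(version) if kind == "nvr" else camera_affected(version, fix)
        out.append((name, verdict[res]))
    return out
# Constructed sample inventory (not real devices); kinds: camera, thermal, nvr.
SAMPLE = [("cam-lobby", "camera", "IPC_G3_EN_STD_5.5.160_210416"),
          ("thermal-gate", "thermal", "IPCT_X_EN_STD_5.5.1_210628"),
          ("nvr-1", "nvr", "V4.31.010 Build210601"),
          ("cam-old", "camera", "Factory installed firmware mid 2021")]
```

Devices reported as unknown (for example the IPC_H8 entry whose version is only described as factory-installed mid-2021 firmware) still need a manual check against the download table.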
Disclaimer
This security advisory is intended only to describe possible security issues; bbin宝盈集团科技 makes no guarantee or commitment regarding this advisory. The user bears full responsibility for any direct or indirect consequences and losses arising from the dissemination or use of the information provided in this advisory; bbin宝盈集团科技 and the authors of the advisory accept no liability for them.
bbin宝盈集团科技 reserves the right to modify and interpret this advisory. Anyone reprinting or distributing this advisory must preserve it in its entirety, including the copyright notice and all other content. Without the permission of bbin宝盈集团科技, this advisory may not be modified, abridged or extended, nor used for commercial purposes in any way.