Web: https://packetstormsecurity.com/files/170818/hikvision-execxsssql.txt

Jan. 31, 2023, 5:17 p.m. |

Packet Storm packetstormsecurity.com

Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.

code code execution hikvision injection remote code execution sql sql injection xss

Snr Security Engineer (cloud)

@ Verisk | Málaga, Spain

Cybersecurity Analyst

@ Visa | Bengaluru, India

Information Security Engineer

@ ServiceNow | Orlando, FL, United States

Director of Cloud Security - 100% US REMOTE

@ Experian | Allen, TX, United States

Azure DevSecOps - Solution Architect

@ Citizant | Chantilly, VA, United States

Cybersecurity Champion

@ NielsenIQ | Chicago, IL, United States

Senior Information Security Analyst

@ QAD, Inc. | Wroclaw, Poland

VP, Information Security

@ TrueAccord | Remote

DevSecOps Engineer- (100%) ( w/m/d) - Valbonne - Hybrid Work

@ SMG Swiss Marketplace Group | Valbonne, France

Information Security Director - Attack Surface Management (100% US REMOTE)

@ Experian | Allen, TX, United States

Director - Cybersecurity and Compliance

@ Visa | Foster City, CA, United States

Senior Threat Analyst | Remote, USA

@ Optiv | Kansas City, MO