CVE-2021-36260


A command injection vulnerability in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending messages containing malicious commands.

Published: 2021-09-22 Last update: 2025-11-10 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2021-36260 is rated Critical Active Threat (99.4/100): CVSS Critical severity with high exploitation likelihood (EPSS 94.44%, 100th percentile). Core evidence: CISA KEV confirms active exploitation (added 2022-01-10) of the Hikvision security camera web server. The weakness is OS command injection (CWE-78) reachable without credentials, so unauthenticated remote administrative access to the device may be possible. Mandatory action: the CISA remediation deadline (2022-01-24) has passed; treat this as an emergency patch priority.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

CISA KEV Record for CVE-2021-36260

Name: Hikvision Improper Input Validation

Exploit added: 2022-01-10

Action due: 2022-01-24

Required action: Apply updates per vendor instructions.

Public exploit references (Exploit-DB) for CVE-2021-36260

EDB-ID Source Kind Published Link
50441 exploit_db edb 2021-10-25 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2021-36260

EPSS (Exploit Prediction Scoring System) is a daily estimate of the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile ranks this CVE among all scored CVEs (higher = more likely to be exploited than a larger share of other CVEs). EPSS measures likelihood, not severity; severity is the CVSS score below.

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-11-21 94.27% 94.44% +0.17%
2 2025-11-18 94.44% 94.27% -0.17%
3 2025-03-17 94.44% (score recorded on that date; no prior value in the shown window)

Three of the 14 EPSS history records are shown.

Common vulnerability scoring system (CVSS) metrics for CVE-2021-36260

Three base scores are published: two identical CVSS v3.1 scores (from NVD and from the CISA ADP enrichment source) and one CVSS v2.0 score from NVD. Exploitability and Impact are the subscores the base score is built from; note that v3.1 subscores are on their own scales (3.9 and 5.9 are the maximum values for an unchanged-scope vector, so this CVE scores the maximum on both), while v2.0 subscores are on a 0 to 10 scale.

Base score Version Severity Vector Exploitability Impact Score source
9.8 3.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9 [email protected]
9.8 3.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9 134c704f-9b21-4f2e-91b3-4a467353bcc0
9.3 2.0 HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C 8.6 10.0 [email protected]

CVSS v3.1 vector breakdown (identical for both v3.1 scores):
Attack vector (AV:N): the vulnerable web server is reachable over the network, including from the internet where the device is exposed; no local or physical access is needed.
Attack complexity (AC:L): no special conditions, race windows or target-specific preparation are required.
Privileges required (PR:N): no credentials are needed; the malicious request is accepted unauthenticated.
User interaction (UI:N): no action by a device user or administrator is needed.
Scope (S:U): the scored impact is confined to the vulnerable component's own security authority (the camera). This does not limit what an attacker can then do from a compromised camera that sits on an internal network.
Confidentiality (C:H): total loss of confidentiality; command execution exposes all data on the device.
Integrity (I:H): total loss of integrity; the attacker can modify firmware, configuration and stored data.
Availability (A:H): total loss of availability; the device can be disabled or rendered unusable.

CVSS v2.0 vector breakdown:
Access vector (AV:N): exploitable remotely over the network.
Access complexity (AC:M): exploitation needs some favourable conditions, but not exceptional ones.
Authentication (Au:N): no authentication is required.
Confidentiality impact (C:C): complete confidentiality impact.
Integrity impact (I:C): complete integrity impact.
Availability impact (A:C): complete availability impact.

Weakness enumeration for CVE-2021-36260

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Request data reaches an operating-system command without adequate validation or escaping, so shell metacharacters in the input are interpreted as additional commands and run with the privileges of the process that executes the command.
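The following is an added, generic illustration of the CWE-78 pattern and the two fixes that close it. It is hypothetical handler code written for this page, not Hikvision's firmware and not the vulnerable code path of this CVE (the page does not describe that path); the request parameter name, the allow-list and the attacker input are all constructed for the demonstration.

```python
"""Generic CWE-78 illustration: a request parameter reaching /bin/sh, and
the two fixes that close it. Hypothetical handler, not Hikvision's code."""
import re
import subprocess

# Constructed attacker input: a plausible device name followed by a shell
# metacharacter and a second command.
INJECTED_NAME = "cam01; echo INJECTED"

# Allow-list for the parameter: only what a device name legitimately contains.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def is_valid_name(name: str) -> bool:
    return NAME_RE.fullmatch(name) is not None


def vulnerable_handler(name: str) -> str:
    """CWE-78: the parameter is concatenated into a command string that is
    interpreted by /bin/sh, so ';', '|', '`' and '$(...)' in it are honoured."""
    cmd = "echo " + name                      # attacker controls the tail of the line
    res = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return res.stdout


def argv_only_handler(name: str) -> str:
    """Fix 2 alone: no shell. The parameter is one argv element, so the
    metacharacters are passed through literally and never parsed."""
    res = subprocess.run(["echo", name], capture_output=True, text=True)
    return res.stdout


def hardened_handler(name: str) -> str:
    """Both fixes: reject anything outside the allow-list first, then invoke
    the program without a shell. Defence in depth: if validation is ever
    loosened, argv passing still prevents command splitting."""
    if not is_valid_name(name):
        raise ValueError("rejected device name")
    return argv_only_handler(name)


if __name__ == "__main__":
    print(repr(vulnerable_handler(INJECTED_NAME)))   # two lines: cam01 and INJECTED
    print(repr(argv_only_handler(INJECTED_NAME)))    # the literal string, one line
    print(hardened_handler("cam01").strip())
```

The vulnerable handler returns two output lines, "cam01" and "INJECTED", because the shell split the string at the semicolon and ran the attacker's second command; the argv-only handler returns the whole string as one literal line, and the hardened handler refuses the input before anything runs. On an embedded web server the equivalent fixes are to validate against an allow-list and to use execve-style argument arrays instead of system() or popen().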

Affected software / configurations for CVE-2021-36260

Vendor Product Raw CPE (the CPE version field is "-" for every entry: NVD lists affected models, not firmware builds; use the vendor advisory in the references to identify fixed firmware for each model)
hikvision ds-2cd2026g2-iu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2026g2-iu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2046g2-iu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2046g2-iu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2066g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2066g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2066g2-iu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2066g2-iu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2086g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2086g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2086g2-iu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2086g2-iu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2166g2-i\(su\)_firmware cpe:2.3:o:hikvision:ds-2cd2166g2-i\(su\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2186g2-i\(su\)_firmware cpe:2.3:o:hikvision:ds-2cd2186g2-i\(su\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2186g2-isu_firmware cpe:2.3:o:hikvision:ds-2cd2186g2-isu_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2326g2-isu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2326g2-isu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2346g2-isu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2346g2-isu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2366g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2366g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2366g2-isu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2366g2-isu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2386g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2386g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2386g2-isu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2386g2-isu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2426g2-i_firmware cpe:2.3:o:hikvision:ds-2cd2426g2-i_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2446g2-i_firmware cpe:2.3:o:hikvision:ds-2cd2446g2-i_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2526g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2526g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2526g2-is_firmware cpe:2.3:o:hikvision:ds-2cd2526g2-is_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2546g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2546g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2566g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2566g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2586g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2586g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2626g2-izsu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2626g2-izsu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2646g2-izsu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2646g2-izsu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2666g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2666g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2666g2-izsu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2666g2-izsu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2686g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2686g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2686g2-izsu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2686g2-izsu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2766g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2766g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2786g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2786g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2027g2-l\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2027g2-l\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2047g2-l\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2047g2-l\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2027g2-lu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2027g2-lu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2087g2-l\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2087g2-l\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2127g2-\(-su\)_firmware cpe:2.3:o:hikvision:ds-2cd2127g2-\(-su\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2147g2-l\(su\)_firmware cpe:2.3:o:hikvision:ds-2cd2147g2-l\(su\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2327g2-l\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2327g2-l\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2347g2-l\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2347g2-l\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2347g2-lsu\/sl_firmware cpe:2.3:o:hikvision:ds-2cd2347g2-lsu\/sl_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2387g2-l\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2387g2-l\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2527g2-ls_firmware cpe:2.3:o:hikvision:ds-2cd2527g2-ls_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2547g2-ls_firmware cpe:2.3:o:hikvision:ds-2cd2547g2-ls_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2547g2-lzs_firmware cpe:2.3:o:hikvision:ds-2cd2547g2-lzs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2121g0-i\(w\)\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2121g0-i\(w\)\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2321g0-i\/nf_firmware cpe:2.3:o:hikvision:ds-2cd2321g0-i\/nf_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2421g0-i\(d\)\(w\)_firmware cpe:2.3:o:hikvision:ds-2cd2421g0-i\(d\)\(w\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2421g0-i\(d\)w_firmware cpe:2.3:o:hikvision:ds-2cd2421g0-i\(d\)w_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2621g0-i\(z\)\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2621g0-i\(z\)\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2721g0-i\(z\)\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2721g0-i\(z\)\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2121g1-i\(w\)_firmware cpe:2.3:o:hikvision:ds-2cd2121g1-i\(w\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2121g1_firmware cpe:2.3:o:hikvision:ds-2cd2121g1_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2121g1-idw_firmware cpe:2.3:o:hikvision:ds-2cd2121g1-idw_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2023g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2023g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2043g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2043g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2063g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2063g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2083g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2083g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2123g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2123g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2123g2-iu_firmware cpe:2.3:o:hikvision:ds-2cd2123g2-iu_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2143g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2143g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2143g2-iu_firmware cpe:2.3:o:hikvision:ds-2cd2143g2-iu_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2163g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2163g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2163g2-iu_firmware cpe:2.3:o:hikvision:ds-2cd2163g2-iu_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2183g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2183g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2183g2-iu_firmware cpe:2.3:o:hikvision:ds-2cd2183g2-iu_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2323g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2323g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2343g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2343g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2363g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2363g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2183g2-i\(u\)_firmware cpe:2.3:o:hikvision:ds-2cd2183g2-i\(u\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2523g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2523g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2543g2-i\(ws\)_firmware cpe:2.3:o:hikvision:ds-2cd2543g2-i\(ws\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2563g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2563g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2583g2-i\(s\)_firmware cpe:2.3:o:hikvision:ds-2cd2583g2-i\(s\)_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2623g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2623g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2643g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2643g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2663g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2663g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2683g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2683g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2723g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2723g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2743g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2743g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2763g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2763g2-izs_firmware:-:*:*:*:*:*:*:*
hikvision ds-2cd2783g2-izs_firmware cpe:2.3:o:hikvision:ds-2cd2783g2-izs_firmware:-:*:*:*:*:*:*:*
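Checking a camera inventory against this list by hand is error-prone because the CPE strings carry backslash escapes and the product names use Hikvision's parenthesised optional suffixes (for example ds-2cd2043g2-i(u) covers both -I and -IU). The matcher below is an added example, not code from the page, NVD or Hikvision. It assumes (1) CPE 2.3 formatted-string escaping as in the CPE naming specification (a backslash before "/", "(" and ")"), and (2) that a parenthesised group in a Hikvision model name is an optional suffix, which is how the vendor advisory style reads but is an interpretation, not something NVD encodes. The embedded CPE subset is copied from the table above; the inventory is constructed.

```python
"""Match an inventory of Hikvision camera models against the NVD CPE
entries listed for CVE-2021-36260. Added example; assumptions are noted
in the comments (CPE 2.3 escaping; parentheses = optional model suffix)."""
import re
from itertools import product

# Subset of the "Raw CPE" column from the affected-configurations table.
AFFECTED_CPES = [
    r"cpe:2.3:o:hikvision:ds-2cd2026g2-iu\/sl_firmware:-:*:*:*:*:*:*:*",
    r"cpe:2.3:o:hikvision:ds-2cd2043g2-i\(u\)_firmware:-:*:*:*:*:*:*:*",
    r"cpe:2.3:o:hikvision:ds-2cd2121g0-i\(w\)\(s\)_firmware:-:*:*:*:*:*:*:*",
    r"cpe:2.3:o:hikvision:ds-2cd2686g2-izsu\/sl_firmware:-:*:*:*:*:*:*:*",
]

# Field names of a CPE 2.3 formatted string after the "cpe:2.3:" prefix.
CPE_FIELDS = ["part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other"]


def split_unescaped(s: str, sep: str) -> list:
    """Split on `sep`, honouring backslash escapes and dropping the backslash
    (CPE 2.3 formatted-string rule: '\' quotes the following character)."""
    out, cur, i = [], [], 0
    while i < len(s):
        ch = s[i]
        if ch == "\\" and i + 1 < len(s):
            cur.append(s[i + 1])
            i += 2
            continue
        if ch == sep:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    out.append("".join(cur))
    return out


def parse_cpe23(cpe: str) -> dict:
    """Parse a CPE 2.3 formatted string into its named fields."""
    fields = split_unescaped(cpe, ":")
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError("not a CPE 2.3 formatted string: " + cpe)
    return dict(zip(CPE_FIELDS, fields[2:]))


def expand_optional_suffixes(product_name: str) -> set:
    """Assumption: '(w)(s)' marks optional suffix letters, so
    'ds-2cd2121g0-i(w)(s)' covers -i, -iw, -is and -iws."""
    tokens = re.split(r"(\([^)]*\))", product_name)
    choices = []
    for t in tokens:
        if t.startswith("(") and t.endswith(")"):
            choices.append(["", t[1:-1]])
        elif t:
            choices.append([t])
    return {"".join(c) for c in product(*choices)}


def affected_models(cpes) -> dict:
    """Map every concrete lower-case model name covered by the CPE list to
    the CPE entry that covers it."""
    covered = {}
    for cpe in cpes:
        f = parse_cpe23(cpe)
        if f["part"] != "o" or f["vendor"] != "hikvision":
            continue
        base = re.sub(r"_firmware$", "", f["product"])
        for model in expand_optional_suffixes(base):
            covered[model] = cpe
    return covered


def check_inventory(models, cpes=AFFECTED_CPES) -> dict:
    """Return {model: matching CPE or None} for each inventory model."""
    covered = affected_models(cpes)
    return {m: covered.get(m.strip().lower()) for m in models}


if __name__ == "__main__":
    # Constructed inventory; the last model is a made-up non-affected variant.
    inventory = ["DS-2CD2043G2-IU", "DS-2CD2043G2-I", "DS-2CD2121G0-IWS",
                 "DS-2CD2026G2-IU/SL", "DS-2CD2043G2-IX"]
    for model, cpe in check_inventory(inventory).items():
        print(f"{model:22s} {'AFFECTED' if cpe else 'not listed'}")
```

Feed the full Raw CPE column into AFFECTED_CPES to cover the whole table. A match only says the model is in scope: because every entry's version field is "-", the check cannot tell a patched camera from an unpatched one, so pair it with the firmware build number from each device and the fixed versions in the Hikvision advisory.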

References for CVE-2021-36260

URL Tags
http://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/166167/Hikvision-IP-Camera-Unauthenticated-Command-Injection.html Exploit Third Party Advisory VDB Entry
https://therecord.media/experts-warn-of-widespread-exploitation-involving-hikvision-cameras/ Third Party Advisory
https://www.cyfirma.com/wp-content/uploads/2022/08/HikvisionSurveillanceCamerasVulnerabilities.pdf Broken Link Exploit Third Party Advisory
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/ Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36260 US Government Resource