IRONSMITHINTEL
CRITICAL · CVSS 9.8 | Actively Exploited | CISA KEV | CVE-2021-36260 | Auth: none (unauthenticated) | Reboot: required | Manual only

Hikvision Improper Input Validation

A command injection vulnerability in the web server of some Hikvision products, caused by insufficient validation of user-supplied input.

Published Sep 22, 2021 · Updated May 16, 2026
Why patch: Risk explained in plain English

Worst-case scenario (if unpatched)

A remote attacker, without any credentials, can achieve full loss of data confidentiality, arbitrary modification of data, and complete denial of service or unavailability of the device. Because the vulnerability is in the CISA Known Exploited Vulnerabilities catalog, federal civilian agencies were required to remediate it by 2022-01-24 under CISA BOD 22-01.

How the attack works: No clicks needed

This is an OS command injection (CWE-78) vulnerability in the web server of affected Hikvision cameras and NVRs. Because the web server does not sufficiently validate user-supplied input, an attacker can send crafted messages containing shell metacharacters and the embedded commands are executed on the device. Exploitation requires only network reachability of the web server: attack complexity is low, no authentication is required, and no user interaction is needed (CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which is what yields the 9.8 score).
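The following is an added illustration of the CWE-78 pattern behind this advisory; it is not Hikvision's code and it does not reproduce the real trigger (the Packet Storm write-up in the references covers that). The parameter name ("language") and the command being wrapped are invented for the example, and `echo` stands in for whatever helper a firmware web server would call. The vulnerable function splices the request value into a shell command line; the hardened one validates against an allow-list and then executes without a shell.

```python
"""Added example: the CWE-78 pattern (vulnerable vs hardened), not vendor code."""
import re
import subprocess

# Allow-list for a language tag: letters, digits, '-' and '_' only, at most 16 chars.
# (The parameter and its format are assumptions for this illustration.)
LANGUAGE_TAG_RE = re.compile(r"^[A-Za-z0-9_-]{1,16}$")


def set_language_vulnerable(language: str) -> str:
    """Splices untrusted input into a shell command line (CWE-78).

    With shell=True the whole string is handed to /bin/sh, so metacharacters
    in `language` (";", "$(...)", "`...`", "|") are parsed as shell syntax
    rather than passed through as data.  Returns whatever the shell printed.
    """
    cmd = f"echo setting language to {language}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def set_language_hardened(language: str) -> str:
    """Validate against an allow-list, then execute with an argv list (no shell).

    Rejecting anything outside the allow-list is the primary control.  Passing
    an argv list instead of a string is defence in depth: even if the check
    were wrong, ";" or "$(...)" would reach the program as plain bytes.
    """
    if not LANGUAGE_TAG_RE.fullmatch(language):
        raise ValueError(f"invalid language tag: {language!r}")
    result = subprocess.run(["echo", "setting language to", language],
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    payload = "en; echo INJECTED"  # constructed attacker-controlled value
    print("vulnerable:", repr(set_language_vulnerable(payload)))
    try:
        set_language_hardened(payload)
    except ValueError as exc:
        print("hardened rejected:", exc)
    print("hardened ok:", repr(set_language_hardened("en-US")))
```

Run it and the vulnerable path prints two lines, the second being the attacker's `INJECTED`, which is the whole bug in miniature; the hardened path refuses the same value before any process is spawned.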


Am I affected? Quick check

Probably yes if any of these apply:

Running one of the models below. An entry marked "firmware: -" lists the model with no version bound; treat such a device as affected unless its build is confirmed fixed against the vendor advisory.

Cameras, PTZ, thermal and NVR models listed without a version bound (firmware: -):
ds-2cd2026g2-iu/sl, ds-2cd2046g2-iu/sl, ds-2cd2066g2-i(u), ds-2cd2066g2-iu/sl, ds-2cd2086g2-i(u), ds-2cd2086g2-iu/sl, ds-2cd2166g2-i(su), ds-2cd2186g2-i(su), ds-2cd2186g2-isu, ds-2cd2326g2-isu/sl, ds-2cd2346g2-isu/sl, ds-2cd2366g2-i(u), ds-2cd2366g2-isu/sl, ds-2cd2386g2-i(u), ds-2cd2386g2-isu/sl, ds-2cd2426g2-i, ds-2cd2446g2-i, ds-2cd2526g2-i(s), ds-2cd2526g2-is, ds-2cd2546g2-i(s), ds-2cd2566g2-i(s), ds-2cd2586g2-i(s), ds-2cd2626g2-izsu/sl, ds-2cd2646g2-izsu/sl, ds-2cd2666g2-izs, ds-2cd2666g2-izsu/sl, ds-2cd2686g2-izs, ds-2cd2686g2-izsu/sl, ds-2cd2766g2-izs, ds-2cd2786g2-izs,
ds-2cd2027g2-l(u), ds-2cd2047g2-l(u), ds-2cd2027g2-lu/sl, ds-2cd2087g2-l(u), ds-2cd2127g2-(-su), ds-2cd2147g2-l(su), ds-2cd2327g2-l(u), ds-2cd2347g2-l(u), ds-2cd2347g2-lsu/sl, ds-2cd2387g2-l(u), ds-2cd2527g2-ls, ds-2cd2547g2-ls, ds-2cd2547g2-lzs,
ds-2cd2121g0-i(w)(s), ds-2cd2321g0-i/nf, ds-2cd2421g0-i(d)(w), ds-2cd2421g0-i(d)w, ds-2cd2621g0-i(z)(s), ds-2cd2721g0-i(z)(s), ds-2cd2121g1-i(w), ds-2cd2121g1, ds-2cd2121g1-idw, ds-2cd2021g1-i(w),
ds-2cd2023g2-i(u), ds-2cd2043g2-i(u), ds-2cd2063g2-i(u), ds-2cd2083g2-i(u), ds-2cd2123g2-i(s), ds-2cd2123g2-iu, ds-2cd2143g2-i(s), ds-2cd2143g2-iu, ds-2cd2163g2-i(s), ds-2cd2163g2-iu, ds-2cd2183g2-i(s), ds-2cd2183g2-iu, ds-2cd2183g2-i(u), ds-2cd2323g2-i(u), ds-2cd2343g2-i(u), ds-2cd2363g2-i(u), ds-2cd2383g2-i(u), ds-2cd2523g2-i(s), ds-2cd2523g2-i(u), ds-2cd2543g2-i(ws), ds-2cd2563g2-i(s), ds-2cd2583g2-i(s), ds-2cd2623g2-izs, ds-2cd2643g2-izs, ds-2cd2663g2-izs, ds-2cd2683g2-izs, ds-2cd2723g2-izs, ds-2cd2743g2-izs, ds-2cd2763g2-izs, ds-2cd2783g2-izs,
ds-2cd3023g2-iu, ds-2cd3043g2-iu, ds-2cd3063g2-iu, ds-2cd3123g2-i(s)u, ds-2cd3143g2-i(s)u, ds-2cd3163g2-i(s)u, ds-2cd3323g2-iu, ds-2cd3343g2-iu, ds-2cd3363g2-iu, ds-2cd3523g2-is, ds-2cd3543g2-is, ds-2cd3563g2-is, ds-2cd3623g2-izs, ds-2cd3643g2-izs, ds-2cd3663g2-izs, ds-2cd3723g2-izs, ds-2cd3743g2-izs, ds-2cd3763g2-izs,
ds-2cd3026g2-iu/sl, ds-2cd3056g2iu/sl, ds-2cd3126g2-is, ds-2cd3126g2-is(u), ds-2cd3156g2-is, ds-2cd3156g2-is(u), ds-2cd3186g2-is(u), ds-2cd3326g2-isu/sl, ds-2cd3356g2-is, ds-2cd3356g2-is(u), ds-2cd3356g2-isu/sl, ds-2cd3386g2-is, ds-2cd3386g2-is(u), ds-2cd3526g2-is, ds-2cd3556g2-is, ds-2cd3586g2-is, ds-2cd3626g2-izs, ds-2cd3726g2-izs, ds-2cd3026g2-is, ds-2cd3056g2-is, ds-2cd3056g2-iu/sl, ds-2cd3086g2-is, ds-2cd3656g2-izs, ds-2cd3686g2-izs, ds-2cd3756g2-izs, ds-2cd3786g2-izs, ds-2cd3047g2-ls, ds-2cd3347g2-ls(u), ds-2cd3547g2-ls,
ds-2xe6242f-is/316l(b), ds-2xe6422fwd-izhrs, ds-2xe6442f-izhrs(b), ds-2xe6452f-izh(r)s, ds-2xe6482f-izhrs,
ds-2dyh2a0ixs-d(t2), ds-2dy9236i8x-a, ds-2dy9236i8x-a(t3), ds-2dy9236ix-a(t3), ds-2dy9236x-a(t3), ds-2dy9240ix-a(t5), ds-2dy9250izs-a(t5), ds-2dy92500x-a(t5),
ptz-n2204i-de3, ptz-n2404i-de3, ptz-n4215-de3, ptz-n4215i-de, ptz-n4225i-de, ptz-n5225i-a,
ds-2df5225x-ae3(t3), ds-2df5225x-ael(t3), ds-2df5232x-ae3(t3), ds-2df5232x-ael(t3), ds-2df6a225x-ael(t3), ds-2df6a236x-ael(t3), ds-2df6a425x-ael(t3), ds-2df6a436x-ael(t3), ds-2df6a436x-ael(t5), ds-2df6a436x-aely(t5), ds-2df6a825x-ael, ds-2df6a836x-ael(t5), ds-2df7225ix-ael(t3), ds-2df7225ix-aelw(t3), ds-2df7232ix-ael(t3), ds-2df7232ix-aelw(t3), ds-2df8225ih-ael, ds-2df8225ih-ael(w), ds-2df8225ix-ael(t3), ds-2df8225ix-ael(t5), ds-2df8225ix-aelw(t3), ds-2df8225ix-aelw(t5), ds-2df8236i5x-aelw, ds-2df8242i5x-aelw(t3), ds-2df8242i5x-aelw(t5), ds-2df8242i5x-ael(t3), ds-2df8242ix-ael(t5), ds-2df8242ix-aelw(t3), ds-2df8242ix-aely(t3), ds-2df8250i8x-ael(t3), ds-2df8425ix-ael(t3), ds-2df8425ix-ael(t5), ds-2df8425ix-aelw(t3), ds-2df8425ix-aelw(t5), ds-2df8436i5x-aelw(t3), ds-2df8442ixs-ael(t5), ds-2df8442ixs-aelw(t2), ds-2df8442ixs-aelw(t5), ds-2df8442ixs-aelwy(t5), ds-2df8442ixs-aely(t5), ds-2df8a442ixs-ael(t2), ds-2df8a442ixs-ael(t5), ds-2df8a442ixs-aely(t5), ds-2df8a442ixs-af/sp(t5), ds-2df8a442nxs-ael(t5), ds-2df8a842ixs-ael(t5),
ids-2pt9a144mxs-d/t2, ids-2sk718mxs-d, ids-2sk8144ixs-d/j, ids-2vs435-f840-ey, ids-2vs435-f840-ey(t3),
ds-2td1217b-3/pa, ds-2td1217b-6/pa, ds-2td1117-2/pa, ds-2td1117-3/pa, ds-2td1117-6/pa, ds-2td4136t-9, ds-2td4137-25/w, ds-2td4137-50/w, ds-2td4166t-9, ds-2td4167-25/w, ds-2td4167-50/w, ds-2td6236t-50h2l, ds-2td6237-50h4l/w, ds-2td6237-75c4l/w, ds-2td6266t-25h2l, ds-2td6266t-50h2l, ds-2td6267-100c4l/w, ds-2td6267-100c4l/wy, ds-2td6267-50h4l/w, ds-2td6267-75c4l/w, ds-2td6267-75c4l/wy, ds-2td8166-100c2f/v2, ds-2td8166-150ze2f/v2, ds-2td8166-150zh2f/v2, ds-2td8166-180ze2f/v2, ds-2td8166-75c2f/v2, ds-2td8167-150zc4f/w, ds-2td8167-190ze2f/w, ds-2td8167-190ze2f/wy, ds-2td8167-230zg2f/w, ds-2td8167-230zg2f/wy,
ds-7604ni-k1, ds-760ni-k1/4p, ds-7604ni-k1/4p/4g, ds-7608ni-k1, ds-7608ni-k1/4g, ds-7608ni-k1/8p

NVRs with firmware 4.30.210 ≤ v ≤ 4.31.000:
ds-7608ni-k1/8p/4g, ds-7616ni-k1, ds-7604ni-q1, ds-7604ni-q1/4p, ds-7608ni-q1, ds-7608ni-q1/8p, ds-7608ni-q2, ds-7608ni-q2/8p, ds-7616ni-q1, ds-7616ni-q2, ds-7616ni-q2/16p

NVRs with firmware 4.30.300 ≤ v ≤ 4.31.100:
ds-7104ni-q1, ds-7104ni-q1/4p, ds-7104ni-q1/4p/m, ds-7104ni-q1/m, ds-7108ni-q1, ds-7108ni-q1/8p, ds-7108ni-q1/8p/m, ds-7108ni-q1/m
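The check above is easy to get wrong by hand across a large camera estate, so here is an added example (not the vendor's tooling) that runs an inventory against the ranges listed on this page. The NVR model-to-range table is transcribed from the entries above; the camera families are matched by model prefix, which deliberately errs toward "go and check". The inventory at the bottom, including hostnames and firmware strings, is constructed for illustration, and the `V4.30.210build 210122` style of version string is an assumption about how the firmware reports itself.

```python
"""Added example: triage an asset inventory against this advisory's ranges."""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# NVR entries on this page that carry an explicit, inclusive firmware range.
NVR_RANGES = {
    **{m: ("4.30.210", "4.31.000") for m in (
        "DS-7608NI-K1/8P/4G", "DS-7616NI-K1", "DS-7604NI-Q1", "DS-7604NI-Q1/4P",
        "DS-7608NI-Q1", "DS-7608NI-Q1/8P", "DS-7608NI-Q2", "DS-7608NI-Q2/8P",
        "DS-7616NI-Q1", "DS-7616NI-Q2", "DS-7616NI-Q2/16P")},
    **{m: ("4.30.300", "4.31.100") for m in (
        "DS-7104NI-Q1", "DS-7104NI-Q1/4P", "DS-7104NI-Q1/4P/M", "DS-7104NI-Q1/M",
        "DS-7108NI-Q1", "DS-7108NI-Q1/8P", "DS-7108NI-Q1/8P/M", "DS-7108NI-Q1/M")},
}

# Families the page lists with no version bound ("firmware: -").  A prefix
# match keeps this short; any hit means "confirm the build against the advisory".
LISTED_NO_VERSION_PREFIXES = (
    "DS-2CD2", "DS-2CD3", "DS-2XE6", "DS-2DY", "DS-2DF", "DS-2TD",
    "IDS-2", "PTZ-N", "DS-7604NI-K1", "DS-7608NI-K1",
)

# Accepts "4.30.210", "V4.31.000" or "V4.30.210build 210122" (assumed format).
VERSION_RE = re.compile(r"^\s*V?(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_version(text: str) -> Optional[Version]:
    """'V4.30.210build 210122' -> (4, 30, 210); None if unparseable."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def classify(model: str, firmware: str) -> str:
    """One of: affected, not_in_range, unknown_version, listed_no_version, not_listed."""
    key = model.strip().upper()
    if key in NVR_RANGES:                      # exact model with a known range
        v = parse_version(firmware)
        if v is None:
            return "unknown_version"           # cannot prove it safe: treat as work
        lo, hi = (parse_version(x) for x in NVR_RANGES[key])
        return "affected" if lo <= v <= hi else "not_in_range"
    if key.startswith(LISTED_NO_VERSION_PREFIXES):
        return "listed_no_version"             # on the list, no version bound given
    return "not_listed"


# Lower number = needs attention sooner.
PRIORITY = {"affected": 0, "listed_no_version": 1, "unknown_version": 2,
            "not_in_range": 3, "not_listed": 4}


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """(host, model, firmware) rows -> rows plus status, most urgent first."""
    rows = [(host, model, fw, classify(model, fw)) for host, model, fw in inventory]
    return sorted(rows, key=lambda r: PRIORITY[r[3]])


# Constructed sample inventory: hostnames and builds are illustrative only.
SAMPLE_INVENTORY = [
    ("nvr-lobby", "DS-7608NI-Q2/8P", "V4.30.210build 210122"),
    ("nvr-dock", "DS-7616NI-K1", "V4.31.000"),
    ("nvr-annex", "DS-7108NI-Q1/8P", "V4.31.110"),
    ("nvr-old", "DS-7604NI-Q1", "unknown"),
    ("cam-gate-1", "DS-2CD2043G2-I(U)", "V5.5.800build 210628"),
    ("printer-1", "OTHER-VENDOR-MODEL", "1.0"),
]

if __name__ == "__main__":
    for host, model, fw, status in triage(SAMPLE_INVENTORY):
        print(f"{status:18} {host:12} {model:20} {fw}")
```

The comparison is done on integer tuples, so `4.31.000` sorts correctly after `4.30.300` (a plain string comparison would also happen to work here, but not in general). Note that the upper bound of a listed range is inclusive, so a device reporting exactly `V4.31.000` is still flagged.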
Real-world incidents: What we've seen

Active exploitation has been documented in the wild. Threat-research write-up: http://packetstormsecurity.com/files/164603/Hikvision-Web-Server-Build-210702-Command-Injection.html

How to patch

Manual remediation steps

Apply the vendor patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog. Apply the vendor's security update for your exact model as soon as possible; the update requires a device reboot, so schedule it accordingly.

CISA required action: Apply updates per vendor instructions.

References

    1. Vendor advisory: https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
    2. NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-36260
    3. CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36260
PowerShell automation: Coming soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.