module
Hikvision DVR RTSP Request Remote Code Execution
| Disclosed | Created |
|---|---|
| 2014-11-19 | 2018-05-30 |
Disclosed
2014-11-19
Created
2018-05-30
Description
This module exploits a buffer overflow in the RTSP request parsing
code of Hikvision DVR appliances. The Hikvision DVR devices record
video feeds of surveillance cameras and offer remote administration
and playback of recorded footage.
The vulnerability is present in several models / firmware versions
but due to the available test device this module only supports
the DS-7204 model.
code of Hikvision DVR appliances. The Hikvision DVR devices record
video feeds of surveillance cameras and offer remote administration
and playback of recorded footage.
The vulnerability is present in several models / firmware versions
but due to the available test device this module only supports
the DS-7204 model.
Author
Mark Schloesser mark_schloesser@rapid7.com
Platform
Linux
Architectures
armle
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.