{"id":5728,"date":"2025-06-11T07:29:25","date_gmt":"2025-06-11T03:29:25","guid":{"rendered":"https:\/\/jsnet.biz\/?p=5728"},"modified":"2025-11-26T14:10:19","modified_gmt":"2025-11-26T10:10:19","slug":"hikvision-z%c9%99ifliyi","status":"publish","type":"post","link":"https:\/\/jsnet.biz\/az\/hikvision-z%c9%99ifliyi\/","title":{"rendered":"Hikvision Vulnerability"},"content":{"rendered":"<p><strong>Hikvision vulnerabilities<\/strong> are security flaws discovered in this brand's IP cameras and video surveillance systems. These flaws can lead to <strong>theft of the equipment's security data, remote control of the devices, or loss of control over them<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccc One of the well-known Hikvision vulnerabilities:<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>CVE-2021-36260<\/strong> \u2014 critical vulnerability (CVSS score 9.8\/10)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Description:<\/strong> Found in the <strong>web server component<\/strong> of Hikvision IP cameras and NVR devices.<\/li>\n\n\n\n<li><strong>Type of issue:<\/strong> <strong>Command Injection<\/strong><\/li>\n\n\n\n<li><strong>Impact:<\/strong> A hacker can execute commands on the system without being authenticated.<\/li>\n\n\n\n<li><strong>Remote access:<\/strong> <strong>Without authentication<\/strong> (that is, no password is required).<\/li>\n\n\n\n<li><strong>Scope:<\/strong> More than 100 million devices worldwide may be affected.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfaf Other possible weaknesses:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Default passwords not changed<\/strong> \u2014 use of simple passwords such as \u201cadmin\/12345\u201d.<\/li>\n\n\n\n<li><strong>HTTP used instead of HTTPS<\/strong> \u2014 connections are made over HTTP.<\/li>\n\n\n\n<li><strong>Firmware not updated<\/strong> \u2014 old software is not resistant to vulnerabilities.<\/li>\n\n\n\n<li><strong>Weak protection of RTSP streams<\/strong> \u2014 obtaining the live stream from the camera becomes easier.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udee1\ufe0f Protective measures:<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Update the firmware<\/strong> \u2014 download the latest version for your device from the official Hikvision website.<\/li>\n\n\n\n<li><strong>Change default passwords<\/strong> and use strong passwords.<\/li>\n\n\n\n<li><strong>Apply a network firewall<\/strong>; do not expose cameras to the internet.<\/li>\n\n\n\n<li>Use a <strong>VPN or NAT<\/strong> and allow access only from the local network or a secure network.<\/li>\n\n\n\n<li>Enable <strong>HTTPS<\/strong> (if the device supports it).<\/li>\n<\/ol>\n\n\n\n<p>Below are important vulnerabilities found in <strong>Hikvision<\/strong> equipment, based on CVE records. For each vulnerability, the description, impact score (CVSS) and required measures are given.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udee0 Important CVE vulnerabilities<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>CVE\u20112021\u201136260<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Type:<\/strong> Web server command injection<\/li>\n\n\n\n<li><strong>CVSS:<\/strong> 9.8\/10 (critical) <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-36260&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a> <a href=\"https:\/\/en.wikipedia.org\/wiki\/Hikvision?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">en.wikipedia.org<\/a><\/li>\n\n\n\n<li><strong>Impact:<\/strong> Commands can be executed remotely without any authentication.<\/li>\n\n\n\n<li><strong>Scope:<\/strong> Numerous IP cameras; firmware versions as of June 2021 (build &lt; 210628) are affected <a href=\"https:\/\/www.hikvision.com\/us-en\/support\/cybersecurity\/security-advisory\/security-notification-command-injection-vulnerability-in-some-hikvision-products\/security-notification-command-injection-vulnerability-in-some-hikvision-products\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">hikvision.com<\/a>.<\/li>\n\n\n\n<li><strong>Fix:<\/strong> Update the firmware.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 
class=\"wp-block-heading\"><strong>CVE\u20112023\u20116895 \/ 6894 \/ 6893<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>2023\u20116895:<\/strong> OS command injection in <code>\/php\/ping.php<\/code> (critical) <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a><\/li>\n\n\n\n<li><strong>2023\u20116894:<\/strong> Information disclosure in the log file handler (medium) <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a><\/li>\n\n\n\n<li><strong>2023\u20116893:<\/strong> Path traversal in <code>exportrecord.php<\/code> (high) <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a><\/li>\n\n\n\n<li><strong>Fix:<\/strong> Update Intercom Broadcasting System to at least version 4.1.0 <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>CVE\u20112023\u201133806<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Description:<\/strong> On the DS\u2011D5B86RB\/B interactive tablet, command injection is possible because of a weakened access configuration.<\/li>\n\n\n\n<li><strong>CVSS:<\/strong> (external), high severity <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer 
noopener\">cve.mitre.org<\/a> <a href=\"https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Basic&amp;query=hikvision&amp;results_type=overview&amp;search_type=all&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">nvd.nist.gov<\/a>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>CVE\u20112024\u201129947, 29948, 29949<\/strong> (in NVR devices)<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>CVE<\/th><th>Description<\/th><th>CVSS<\/th><\/tr><\/thead><tbody><tr><td>29947<\/td><td>NULL pointer dereference \u2013 DoS<\/td><td>2.7<\/td><\/tr><tr><td>29948<\/td><td>Out-of-bounds read \u2013 DoS<\/td><td>3.8<\/td><\/tr><tr><td><strong>29949<\/strong><\/td><td>Command injection \u2013 executing commands with admin privileges<\/td><td><strong>7.2<\/strong> <a href=\"https:\/\/www.hikvision.com\/en\/support\/cybersecurity\/security-advisory\/security-vulnerabilities-in-hikvision-nvr-devices\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">hikvision.com<\/a><\/td><\/tr><\/tbody><\/table><\/figure>","protected":false},"excerpt":{"rendered":"<p>Hikvision vulnerabilities are security flaws discovered in IP cameras and video surveillance systems. These flaws can lead to theft of the devices' usage data, remote control of the devices, or loss of control over them. 
\ud83d\udccc One of the well-known Hikvision vulnerabilities: CVE-2021-36260 \u2014 critical vulnerability (CVSS score 9.8\/10) \ud83c\udfaf Other possible weaknesses: \ud83d\udee1\ufe0f Protective measures: Below, for Hikvision equipment, CVE records [\u2026]<\/p>","protected":false},"author":1,"featured_media":5729,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[179,181,174,182,173],"class_list":["post-5728","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-hikvision","tag-netadmin-2","tag-networking-2","tag-sysadm"],"_links":{"self":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/5728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/comments?post=5728"}],"version-history":[{"count":1,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/5728\/revisions"}],"predecessor-version":[{"id":6578,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/5728\/revisions\/6578"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media\/5729"}],"wp:attachment":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media?parent=5728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/categories?post=5728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/tags?post=5728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}