{"id":5728,
"date":"2025-06-11T07:29:25",
"date_gmt":"2025-06-11T03:29:25",
"guid":{"rendered":"https:\/\/jsnet.biz\/?p=5728"},
"modified":"2025-11-26T14:10:19",
"modified_gmt":"2025-11-26T10:10:19",
"slug":"%d1%85%d0%b8%d0%ba%d0%b2%d0%b8%d0%b7%d0%b8%d0%be%d0%bd-%d0%b7%c9%99%d0%b8%d1%84%d0%bb%d0%b8%d0%b9%d0%b8",
"status":"publish",
"type":"post",
"link":"https:\/\/jsnet.biz\/ru\/%d1%85%d0%b8%d0%ba%d0%b2%d0%b8%d0%b7%d0%b8%d0%be%d0%bd-%d0%b7%c9%99%d0%b8%d1%84%d0%bb%d0%b8%d0%b9%d0%b8\/",
"title":{"rendered":"Hikvision Vulnerability"},
"content":{"rendered":"<p><strong>Hikvision vulnerabilities<\/strong>: if you have an IP camera and video system, the system can become unavailable for viewing. These gaps can lead to <strong>theft of the devices' sensitive data, remote control of the devices, or the system being taken out of your control<\/strong>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udccc One of the well-known Hikvision vulnerabilities:<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>CVE-2021-36260<\/strong>: critical vulnerability (CVSS score 9.8\/10)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Description:<\/strong> discovered in the <strong>web server component<\/strong> of Hikvision IP cameras and connected NVRs.<\/li>\n\n\n\n<li><strong>Type of problem:<\/strong> <strong>Command injection<\/strong><\/li>\n\n\n\n<li><strong>Impact:<\/strong> An attacker can execute arbitrary commands on the system without being authenticated.<\/li>\n\n\n\n<li><strong>Remote access:<\/strong> <strong>without authentication<\/strong> (i.e. no password is required).<\/li>\n\n\n\n<li><strong>Scope:<\/strong> More than 100 million devices worldwide may be affected.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfaf Other possible weaknesses:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Default password<\/strong>: use of a factory default password such as \u201cadmin\/12345\u201d.<\/li>\n\n\n\n<li><strong>HTTP instead of HTTPS<\/strong>: unencrypted connection.<\/li>\n\n\n\n<li><strong>Firmware not updated<\/strong>: old firmware remains exposed to known vulnerabilities.<\/li>\n\n\n\n<li><strong>RTSP enabled when it is not needed<\/strong>: the camera stream is reachable and access to the camera becomes easier.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udee1\ufe0f Ways to defend:<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Update the firmware<\/strong>: newer versions are available from Hikvision.<\/li>\n\n\n\n<li><strong>Change the default passwords<\/strong> and use strong passwords.<\/li>\n\n\n\n<li><strong>Apply a network firewall<\/strong>, especially for cameras that are reachable from the Internet.<\/li>\n\n\n\n<li><strong>Use a VPN or NAT<\/strong> so that access is allowed only from the local network or another secure network.<\/li>\n\n\n\n<li>Enable <strong>HTTPS<\/strong> support (if the device supports it).<\/li>\n<\/ol>\n\n\n\n<p>Below are the important vulnerabilities found in <strong>Hikvision<\/strong> equipment according to the CVE records. For each vulnerability, its description, impact score (CVSS) and recommended measures are given.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udee0 Important CVE vulnerabilities<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>CVE-2021-36260<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Type:<\/strong> Web server command injection<\/li>\n\n\n\n<li><strong>CVSS:<\/strong> 9.8\/10 (critical) <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-36260&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a>, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Hikvision?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">en.wikipedia.org<\/a><\/li>\n\n\n\n<li><strong>Impact:<\/strong> Commands can be executed remotely without any authentication.<\/li>\n\n\n\n<li><strong>Scope:<\/strong> IP cameras with 2021 firmware (build &lt; 210628) are affected <a href=\"https:\/\/www.hikvision.com\/us-en\/support\/cybersecurity\/security-advisory\/security-notification-command-injection-vulnerability-in-some-hikvision-products\/security-notification-command-injection-vulnerability-in-some-hikvision-products\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">hikvision.com<\/a>.<\/li>\n\n\n\n<li><strong>Fix:<\/strong> Update the firmware.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>CVE-2023-6895 \/ 6894 \/ 6893<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>2023-6895:<\/strong> OS command injection via <code>\/php\/ping.php<\/code> (critical) <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a><\/li>\n\n\n\n<li><strong>2023-6894:<\/strong> Information leak in the log file handler (medium) <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a><\/li>\n\n\n\n<li><strong>2023-6893:<\/strong> Path traversal via <code>exportrecord.php<\/code> (high) <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a><\/li>\n\n\n\n<li><strong>Fix:<\/strong> Intercom Broadcasting System version 4.1.0 <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>CVE-2023-33806<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Description:<\/strong> On the DS-D5B86RB\/B interactive tablet, a weakness in the access configuration makes command injection possible.<\/li>\n\n\n\n<li><strong>CVSS:<\/strong> (external), high severity <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvekey.cgi?keyword=hikvision&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">cve.mitre.org<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Basic&amp;query=hikvision&amp;results_type=overview&amp;search_type=all&amp;utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">nvd.nist.gov<\/a>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>CVE-2024-29947, 29948, 29949<\/strong> (on NVR devices)<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>CVE<\/th><th>Description<\/th><th>CVSS<\/th><\/tr><\/thead><tbody><tr><td>29947<\/td><td>Null pointer dereference: DoS<\/td><td>2.7<\/td><\/tr><tr><td>29948<\/td><td>Out-of-bounds read: DoS attack<\/td><td>3.8<\/td><\/tr><tr><td><strong>29949<\/strong><\/td><td>Command injection: executing commands with admin privileges<\/td><td><strong>7.2<\/strong> <a href=\"https:\/\/www.hikvision.com\/en\/support\/cybersecurity\/security-advisory\/security-vulnerabilities-in-hikvision-nvr-devices\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\">hikvision.com<\/a><\/td><\/tr><\/tbody><\/table><\/figure>","protected":false},
"excerpt":{"rendered":"<p>Hikvision vulnerabilities: marked IP cameras and video systems, and the ability to view video. If you want to get more information elsewhere, you can use the system you are working in. \ud83d\udccc Hikvision access: CVE-2021-36260: critical (CVSS score 9.8\/10). Hikvision supports CVE with the help of [\u2026]<\/p>","protected":false},
"author":1,
"featured_media":5729,
"comment_status":"closed",
"ping_status":"open",
"sticky":false,
"template":"",
"format":"standard",
"meta":{"footnotes":""},
"categories":[18],
"tags":[179,181,174,182,173],
"class_list":["post-5728","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-hikvision","tag-netadmin-2","tag-networking-2","tag-sysadm"],
"_links":{"self":[{"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/posts\/5728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/comments?post=5728"}],"version-history":[{"count":1,"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/posts\/5728\/revisions"}],"predecessor-version":[{"id":6578,"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/posts\/5728\/revisions\/6578"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/media\/5729"}],"wp:attachment":[{"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/media?parent=5728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/categories?post=5728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jsnet.biz\/ru\/wp-json\/wp\/v2\/tags?post=5728"}],"curies":[{"name":"WP","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}