CVE-2021-36260

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2021-36260 is a critical command injection flaw found in the webserver of various Hikvision products. This vulnerability, a defect in software design or implementation, allows unauthorized users to execute arbitrary commands on the system, potentially leading to unauthorized access, data theft, or other malicious activities. The flaw was identified and disclosed in 2021, becoming a significant concern for cybersecurity professionals due to its potential for exploitation. The Mirai-based Moobot botnet, initially documented by Palo Alto Unit 42 researchers in February 2021, began exploiting this vulnerability in November 2021. Moobot, a variant of the infamous Mirai malware, targets Internet of Things (IoT) devices, converting them into bots that can be used for large-scale network attacks. The exploitation of CVE-2021-36260 allowed the botnet to gain control over affected Hikvision devices, further expanding its reach and impact. The exploitation of CVE-2021-36260 by the Moobot botnet underscores the importance of regular software updates and robust cybersecurity measures. Hikvision device users were urged to apply patches and updates promptly to mitigate the risk posed by this vulnerability. Overall, this case highlights the ongoing threats posed by botnets and the need for continuous vigilance in identifying and addressing software vulnerabilities.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Botnet
Vulnerability
hikvision
flaw
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
MoobotUnspecified
2
Moobot is a malicious software (malware) that has been active since at least 2016. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or even hold data for ransom once inside. The Moobot botnet includes other routers and virtu
MiraiUnspecified
2
Mirai is a notorious malware that targets Internet of Things (IoT) devices to form a botnet, which can then be used to launch distributed denial-of-service (DDoS) attacks. In early 2022, Mirai botnets accounted for over 7 million detections, highlighting the widespread nature of this threat. However
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2021-36260 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CISA
a year ago
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors | CISA
Threat Post
a year ago
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
CERT-EU
4 months ago
Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
CISA
a year ago
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors | CISA
Securityaffairs
a year ago
Moobot botnet spreads by targeting Cacti and RealTek flaws
Securityaffairs
4 months ago
US Gov dismantled the Moobot botnet controlled by Russia-linked APT28