CVE-2021-36260

Vulnerability updated 7 months ago (2024-05-04T22:18:24.675Z)

Download STIX

Preview STIX

CVE-2021-36260 is a critical command injection flaw found in the webserver of various Hikvision products. This vulnerability, a defect in software design or implementation, allows unauthorized users to execute arbitrary commands on the system, potentially leading to unauthorized access, data theft, or other malicious activities. The flaw was identified and disclosed in 2021, becoming a significant concern for cybersecurity professionals due to its potential for exploitation. The Mirai-based Moobot botnet, initially documented by Palo Alto Unit 42 researchers in February 2021, began exploiting this vulnerability in November 2021. Moobot, a variant of the infamous Mirai malware, targets Internet of Things (IoT) devices, converting them into bots that can be used for large-scale network attacks. The exploitation of CVE-2021-36260 allowed the botnet to gain control over affected Hikvision devices, further expanding its reach and impact. The exploitation of CVE-2021-36260 by the Moobot botnet underscores the importance of regular software updates and robust cybersecurity measures. Hikvision device users were urged to apply patches and updates promptly to mitigate the risk posed by this vulnerability. Overall, this case highlights the ongoing threats posed by botnets and the need for continuous vigilance in identifying and addressing software vulnerabilities.

Description last updated: 2024-05-04T21:49:04.420Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Botnet

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Moobot Malware is associated with CVE-2021-36260. Moobot is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate these systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat	Unspecified	2
The Mirai Malware is associated with CVE-2021-36260. Mirai, a malware that targets Internet of Things (IoT) devices, was responsible for over 7 million botnet detections in early 2022. This malicious software infiltrates systems often without the user's knowledge and can steal personal information, disrupt operations, or hold data hostage for ransom.	Unspecified	2

Source Document References

Information about the CVE-2021-36260 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	9 months ago	Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
Securityaffairs	9 months ago	US Gov dismantled the Moobot botnet controlled by Russia-linked APT28
CISA	2 years ago	Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA
Threat Post	2 years ago	Cybercriminals Are Selling Access to Chinese Surveillance Cameras
CISA	2 years ago	Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA
Securityaffairs	2 years ago	Moobot botnet spreads by targeting Cacti and RealTek flaws