Full title: Hikvision Remote Code Execution / XSS / SQL Injection Vulnerabilities 
Category: web applications
Platform: hardware
Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.

# 0day.today @ http://0day.today/