### [CVE-2017-7921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7921)
![](https://img.shields.io/static/v1?label=Product&message=Hikvision%20Cameras&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287&color=brighgreen)

### Description

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/1f3lse/taiE
- https://github.com/20142995/sectool
- https://github.com/201646613/CVE-2017-7921
- https://github.com/APPHIK/cam
- https://github.com/APPHIK/camz
- https://github.com/APPHIK/ip
- https://github.com/APPHIK/ipp
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AnonkiGroup/AnonHik
- https://github.com/Ares-X/VulWiki
- https://github.com/BurnyMcDull/CVE-2017-7921
- https://github.com/D2550/CVE_2017_7921_EXP
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Haoke98/NetEye
- https://github.com/JrDw0/CVE-2017-7921-EXP
- https://github.com/K3ysTr0K3R/CVE-2017-7921-EXPLOIT
- https://github.com/K3ysTr0K3R/K3ysTr0K3R
- https://github.com/LearnGolang/LearnGolang
- https://github.com/MisakaMikato/cve-2017-7921-golang
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SouthWind0/southwind0.github.io
- https://github.com/Stealzoz/steal
- https://github.com/WhaleFell/CameraHack
- https://github.com/adamsvoboda/cyberchef-recipes
- https://github.com/b3pwn3d/CVE-2017-7921
- https://github.com/bigblackhat/oFx
- https://github.com/blkgzs/CameraHack
- https://github.com/bnhjuy77/tomde
- https://github.com/chrisjd20/hikvision_CVE-2017-7921_auth_bypass_config_decryptor
- https://github.com/fracergu/CVE-2017-7921
- https://github.com/h00die-gr3y/Metasploit
- https://github.com/huimzjty/vulwiki
- https://github.com/inj3ction/CVE-2017-7921-EXP
- https://github.com/jorhelp/Ingram
- https://github.com/k8gege/Ladon
- https://github.com/krypton612/hikivision
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/p4tq/hikvision_CVE-2017-7921_auth_bypass_config_decryptor
- https://github.com/rmic/hikexpl
- https://github.com/securitycipher/daily-bugbounty-writeups
- https://github.com/sponkmonk/Ladon_english_update
- https://github.com/wafinfo/DecryptTools
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yousouf-Tasfin/cve-2017-7921-Mass-Exploit
- https://github.com/zhanwang110/Ingram