CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jan 24, 2022

CVE-2021-36260

High

EPSS 94.4%CISA KEV

Hikvision/Security cameras web server

Description

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

EPSS — Exploit Probability

94.4%

Higher than 100.0% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2021-36260

Related Articles (2)

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor

Iran-linked MuddyWater hackers breached U.S. networks with new Dindoor malware as regional cyber attacks escalate amid Middle East conflict.

Mar 6, 2026

Malware & Threats

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

Aug 25, 2022

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 94.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 2

Timeline

Published

Jan 10, 2022

Added to KEV

Jan 10, 2022

Remediation Due

Jan 24, 2022

Affected Product

Hikvision

Security cameras web server

View all Hikvision CVEs

External Links

NVD (NIST)CVE Details MITRE CVE