bashis

29 exploits Active since Aug 2001
CVE-2021-36260 NOMISEC CRITICAL WORKING POC
Hikvision IP Camera Unauthenticated Command Injection
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
291 stars
CVSS 9.8
CVE-2021-36260 NOMISEC CRITICAL WORKING POC
Hikvision IP Camera Unauthenticated Command Injection
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
CVSS 9.8
CVE-2018-25118 WRITEUP CRITICAL WORKING POC
GeoVision embedded IP devices - Command Injection
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
CVE-2018-10661 VULNCHECK_XDB CRITICAL WORKING POC
Axis IP Cameras - Access Control Bypass
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
CVSS 9.8
CVE-2019-1912 EXPLOITDB CRITICAL python WORKING POC
Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Arbitrary File Upload
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web management interface. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to modify the configuration of an affected device or to inject a reverse shell. This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.
CVSS 9.1
CVE-2019-1913 EXPLOITDB CRITICAL python WORKING POC
Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Unauthenticated Remote Code Execution via Buffer Overflow
Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS.
CVSS 9.8
CVE-2018-25126 WRITEUP CRITICAL WRITEUP
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 - Command Injec...
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware (used by many white-labeled DVR/NVR/IPC products) contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor credential string and passes user-controlled fields into shell execution contexts without proper argument sanitization. An unauthenticated remote attacker can leverage the hard-coded credential to access endpoints such as /editBlackAndWhiteList and inject shell metacharacters inside XML parameters, resulting in arbitrary command execution as root. The same vulnerable backend is also reachable in some models through a proprietary TCP service on port 4567 that accepts a magic GUID preface and base64-encoded XML, enabling the same command injection sink. Firmware releases from mid-February 2018 and later are reported to have addressed this issue. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-28 UTC.
CVE-2019-11001 WRITEUP HIGH WORKING POC
Reolink RLC-410W/C1/C2/RLC-422W/RLC-511W <1.0.227 Authenticated OS Command Injection
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field.
CVSS 7.2
CVE-2018-25118 EXPLOITDB CRITICAL text WORKING POC
GeoVision embedded IP devices - Command Injection
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
CVE-2021-36260 METASPLOIT CRITICAL ruby WORKING POC
Hikvision IP Camera Unauthenticated Command Injection
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
CVSS 9.8
EIP-2026-104112 EXPLOITDB text WORKING POC
Uniview - Remote Command Execution / Export Config (PoC)
EIP-2026-104118 EXPLOITDB text WORKING POC
Vivotek IP Cameras - Remote Stack Overflow (PoC)
EIP-2026-104117 EXPLOITDB text WORKING POC
Vitek - Remote Command Execution / Information Disclosure (PoC)
EIP-2026-103870 EXPLOITDB text WORKING POC
Axis SSI - Remote Command Execution / Read Files
EIP-2026-103868 EXPLOITDB text WRITEUP
Axis Communications MPQT/PACS - Heap Overflow / Information Leakage
EIP-2026-103869 EXPLOITDB python WORKING POC
Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String
EIP-2026-103890 EXPLOITDB python WORKING POC
Dahua Generation 2/3 - Backdoor Access
EIP-2026-103587 EXPLOITDB text WORKING POC
Multiple OEM - 'nsd' Remote Stack Format String (PoC)
CVE-2021-36260 EXPLOITDB CRITICAL python WORKING POC
Hikvision IP Camera Unauthenticated Command Injection
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
CVSS 9.8
EIP-2026-101288 EXPLOITDB python WORKING POC
Geovision Inc. IP Camera & Video - Remote Command Execution
CVE-2019-1914 EXPLOITDB HIGH python WORKING POC
Cisco Small Business 220 Series Smart Switches < 1.1.4.4 - Authenticated Command Injection via Web Management Interface
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.
CVSS 7.2
EIP-2026-101068 EXPLOITDB text WORKING POC
QNAP NVR/NAS Devices - Buffer Overflow (PoC)
EIP-2026-101297 EXPLOITDB python WORKING POC
Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetD
EIP-2026-101067 EXPLOITDB text WORKING POC
QNAP NAS Devices - Heap Overflow
EIP-2026-100746 EXPLOITDB text WORKING POC
Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal