EIP-2026-101770
PRE-CVEHikvision Digital Video Recorder - Cross-Site Request Forgery
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-101770. PoCs published by LiquidWorm.
AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Hikvision Digital Video Recorders, allowing an attacker to add an operator via a crafted HTTP request without proper validity checks. The PoC uses an HTML form to submit a malicious POST request to the target device.
Description
Hikvision Digital Video Recorder - Cross-Site Request Forgery
Exploits (1)
exploitdb
WORKING POC
by LiquidWorm · htmlwebappshardware
https://www.exploit-db.com/exploits/39677
This exploit demonstrates a CSRF vulnerability in Hikvision Digital Video Recorders, allowing an attacker to add an operator via a crafted HTTP request without proper validity checks. The PoC uses an HTML form to submit a malicious POST request to the target device.
Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Hikvision Digital Video Recorder (LV-D2104CS, DS-7316HFI-ST, DS-7216HVI-SV/A, DS-7208HVI-SH, DS-7204HVI-SH)
No auth needed
Prerequisites:
Victim must be logged into the Hikvision interface · Victim must visit a malicious webpage hosting the exploit
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026