EIP-2026-101771

PRE-CVE

Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101771. PoCs published by Alfie.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated backdoor in Hikvision IP cameras to retrieve plain-text passwords for all configured users by sending a crafted GET request to the '/System/configurationFile' endpoint with a hardcoded authentication bypass.

Description

Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)

Exploits (1)

exploitdb WORKING POC

by Alfie · rubywebappshardware

https://www.exploit-db.com/exploits/45231

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated backdoor in Hikvision IP cameras to retrieve plain-text passwords for all configured users by sending a crafted GET request to the '/System/configurationFile' endpoint with a hardcoded authentication bypass.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Hikvision IP Cameras (multiple series, versions 5.2.0 to 5.4.5)

No auth needed

Prerequisites: Network access to the target camera · Camera must be running a vulnerable firmware version

MITRE ATT&CK

T1110 - Brute Force T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026