CRITICAL✓ PATCH🇬🇧 English

CVE-2022-28173

CVSS 9.1v3.1pub. 2022-12-19upd. 2024-11-21

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Hikvision Ds 3wf01c 2n\/o

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 3wf01c 2n\/o Firmware

    OS
    Hikvision
    < 1.0.4
  • Hikvision Ds 3wf0ac 2nt

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds 3wf0ac 2nt Firmware

    OS
    Hikvision
    < 1.1.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-36260CRITICAL9.8⚠ KEVten sam vendor

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input v...

CVE-2017-7921CRITICAL9.8⚠ KEVten sam vendor

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4....

CVE-2023-28812CRITICAL9.1PL ✓ten sam vendor

Buffer overflow w wtyczce przeglądarki Hikvision LocalServiceComponents

CVE-2023-28808CRITICAL9.1ten sam vendor

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to o...

CVE-2013-4976CRITICAL9.8ten sam vendor

Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials

CVE-2022-28173 — CRITICAL 9.1 | CVEbaza.pl