HIGH✓ PATCH🇬🇧 English

CVE-2022-28171

CVSS 7.5v3.1pub. 2022-06-27upd. 2024-11-21

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Hikvision Ds A71024

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A71024 Firmware

    OS
    Hikvision
    ≤ 1.1.4≤ 2.3.8-6
  • Hikvision Ds A71048

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A71048 Firmware

    OS
    Hikvision
    ≤ 2.3.8-6
  • Hikvision Ds A71048r Cvs

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A71048r Cvs Firmware

    OS
    Hikvision
    ≤ 1.1.4
  • Hikvision Ds A71072r

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A71072r Firmware

    OS
    Hikvision
    ≤ 2.3.8-6
  • Hikvision Ds A72024

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A72024 Firmware

    OS
    Hikvision
    ≤ 1.1.4≤ 2.3.8-6
  • Hikvision Ds A72048r Cvs

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A72048r Cvs Firmware

    OS
    Hikvision
    ≤ 1.1.4
  • Hikvision Ds A72072r

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A72072r Firmware

    OS
    Hikvision
    ≤ 2.3.8-6
  • Hikvision Ds A80316s

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A80316s Firmware

    OS
    Hikvision
    ≤ 2.3.8-6
  • Hikvision Ds A80624s

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A80624s Firmware

    OS
    Hikvision
    ≤ 2.3.8-6
  • Hikvision Ds A81016s

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A81016s Firmware

    OS
    Hikvision
    ≤ 2.3.8-6
  • Hikvision Ds A82024d

    HW
    Hikvision
    wszystkie wersje
  • Hikvision Ds A82024d Firmware

    OS
    Hikvision
    ≤ 2.3.8-6
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2023-28808CRITICAL9.1ten sam produkt

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to o...

CVE-2022-28172MEDIUM6.5ten sam produkt

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability...

CVE-2021-36260CRITICAL9.8⚠ KEVten sam vendor

A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input v...

CVE-2017-7921CRITICAL9.8⚠ KEVten sam vendor

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4....

CVE-2023-28812CRITICAL9.1PL ✓ten sam vendor

Buffer overflow w wtyczce przeglądarki Hikvision LocalServiceComponents

CVE-2022-28171 — HIGH 7.5 | CVEbaza.pl