Security Notification - Access Control Vulnerability in Some Hikvision Wireless Bridge Products

Security Notification – Access Control Vulnerability in Some Hikvision Wireless Bridge Products

SN No. HSRC-202212-01

Edit: HSRC (centro de respuesta de seguridad de Hikvision):

Fecha de publicación inicial: 2022-12-16

 

Resumen

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

Hikvision has released a version to fix the vulnerability.

 

CVE ID

CVE-2022-28173

 

Calificación

Se adopta CVSS v3 en esta calificación de vulnerabilidad. 

(http://www.first.org/cvss/specification-document)

Calificación básica: 9.1(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Calificación temporal: 8.2 (E:P/RL:O/RC:C)

 

Affected Versions and Fixes (If the upgrade fails, click online customer service to get help)

Nombre del producto Versiones afectadas Fix Download
DS-3WF0AC-2NT Versions below V1.1.0 V1.1.0
DS-3WF01C-2N/O Versions below V1.0.4 V1.0.4

Condición previa

El atacante tiene acceso de red al dispositivo.

 

Paso del ataque

Enviar un mensaje malicioso especialmente creado.

 

Obtener versiones corregidas

Users can download patches/updates on the Hikvision official website.

 

Source of vulnerability information:

This vulnerability is reported to HSRC by Souvik Kandar, Arko Dhar of the Redinent Innovations team in India.

 

Contáctenos

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.

Hikvision would like to thank all security researchers for your attention to our products.

 

Este sitio web utiliza cookies para almacenar información en su dispositivo. Las cookies ayudan a que nuestro sitio web funcione normalmente y nos muestran cómo podemos mejorar su experiencia de usuario.

Al continuar navegando por el sitio, usted acepta nuestra política de cookies y nuestra política de privacidad.

Contáctenos
Hik-Partner Pro close
Hik-Partner Pro
Security Business Assistant. At Your Fingertips. Learn more
Hik-Partner Pro
Scan and download the app
Hik-Partner Pro
Hik-Partner Pro
back to top

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.