Security Notification - Access Control Vulnerability in Some Hikvision Wireless Bridge Products

SN No. HSRC-202212-01

Edit: Centro de Resposta à Segurança da Hikvision (HSRC)

Data de publicação original: 2022-12-16

Resumo

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

Hikvision has released a version to fix the vulnerability.

ID DO CVE

CVE-2022-28173

Pontuação

Esta pontuação de vulnerabilidades adotou o CVSS v3.

(http://www.first.org/cvss/specification-document)

Pontuação base: 9.1(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Pontuação temporal: 8.2 (E:P/RL:O/RC:C)

Affected Versions and Fixes (If the upgrade fails, click online customer service to get help)

Nome do produto	Versões afetadas	Fix Download
DS-3WF0AC-2NT	Versions below V1.1.0	V1.1.0
DS-3WF01C-2N/O	Versions below V1.0.4	V1.0.4

Pré-condição

O atacante tem acesso de rede ao dispositivo.

Passo de ataque

Envio de uma mensagem maliciosa criada especificamente para o efeito.

Obtenção de versões corrigidas

Users can download patches/updates on the Hikvision official website.

Source of vulnerability information:

This vulnerability is reported to HSRC by Souvik Kandar, Arko Dhar of the Redinent Innovations team in India.

Contacte-nos

To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.

Hikvision would like to thank all security researchers for your attention to our products.