SN No. HSRC-202212-01
Edit: Hikvision Security Response Center (HSRC)
Initial Release Date: 2022-12-16
Summary
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
Hikvision has released a version to fix the vulnerability.
CVE ID
CVE-2022-28173
Scoring
CVSS v3 is adopted in this vulnerability scoring.
(http://www.first.org/cvss/specification-document)
Base score: 9.1(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Temporal score: 8.2 (E:P/RL:O/RC:C)
Affected Versions and Fixes (If the upgrade fails, click online customer service to get help)
In the UK only the wireless bridge product DS-3WF01C-2N/O is impacted and identified in the Notice.
Product Name |
Affected Versions |
Fix Download |
DS-3WF0AC-2NT |
Versions below V1.1.0 |
V1.1.0 |
DS-3WF01C-2N/O |
Versions below V1.0.4 |
V1.0.4 |