Lucene search

HikvisionCVE-2022-28173

HistoryDec 21, 2022 - 1:21 a.m.

CVE-2022-28173

2022-12-2101:21:43

CWE-284

hikvision

web.nvd.nist.gov

hikvision

wireless bridge

access control

vulnerability

cve-2022-28173

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

Affected configurations

Nvd

Node

hikvisionds-3wf0ac-2ntMatch-

AND

hikvisionds-3wf0ac-2nt_firmwareRange<1.1.0

Node

hikvisionds-3wf01c-2n\/oMatch-

AND

hikvisionds-3wf01c-2n\/o_firmwareRange<1.0.4

VendorProductVersionCPE
hikvisionds-3wf0ac-2nt-cpe:2.3:h:hikvision:ds-3wf0ac-2nt:-:*:*:*:*:*:*:*
hikvisionds-3wf0ac-2nt_firmware*cpe:2.3:o:hikvision:ds-3wf0ac-2nt_firmware:*:*:*:*:*:*:*:*
hikvisionds-3wf01c-2n\/o-cpe:2.3:h:hikvision:ds-3wf01c-2n\/o:-:*:*:*:*:*:*:*
hikvisionds-3wf01c-2n\/o_firmware*cpe:2.3:o:hikvision:ds-3wf01c-2n\/o_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hikvision	ds-3wf0ac-2nt	-	cpe:2.3:h:hikvision:ds-3wf0ac-2nt:-:::::::*
hikvision	ds-3wf0ac-2nt_firmware	*	cpe:2.3:o:hikvision:ds-3wf0ac-2nt_firmware::::::::
hikvision	ds-3wf01c-2n\/o	-	cpe:2.3:h:hikvision:ds-3wf01c-2n\/o:-:::::::*
hikvision	ds-3wf01c-2n\/o_firmware	*	cpe:2.3:o:hikvision:ds-3wf01c-2n\/o_firmware::::::::

CNA Affected

[
  {
    "vendor": "hikvision",
    "product": "DS-3WF0AC-2NT",
    "versions": [
      {
        "version": "V1.1.0",
        "status": "affected",
        "lessThan": "V1.1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-3WF01C-2N/O",
    "versions": [
      {
        "version": "V1.0.4",
        "status": "affected",
        "lessThan": "V1.0.4",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

Related for CVE-2022-28173