Lucene search

HikvisionCVELIST:CVE-2022-28173

HistoryDec 21, 2022 - 1:21 a.m.

CVE-2022-28173

2022-12-2101:21:43

CWE-284

hikvision

www.cve.org

cve-2022-28173

web server

access control

hikvision

wireless bridge

admin permission

crafted messages

vulnerability

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

CNA Affected

[
  {
    "vendor": "hikvision",
    "product": "DS-3WF0AC-2NT",
    "versions": [
      {
        "version": "V1.1.0",
        "status": "affected",
        "lessThan": "V1.1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "hikvision",
    "product": "DS-3WF01C-2N/O",
    "versions": [
      {
        "version": "V1.0.4",
        "status": "affected",
        "lessThan": "V1.0.4",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

Related for CVELIST:CVE-2022-28173