The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
History
02 Aug 2023, 17:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html - Exploit, Third Party Advisory, VDB Entry |
20 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Feb 2023, 17:32
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html - Third Party Advisory, VDB Entry |
31 Jan 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Jul 2022, 16:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/ - Vendor Advisory | |
CWE | CWE-77 | |
First Time |
Hikvision ds-a71048r-cvs Firmware
Hikvision ds-a80624s Firmware Hikvision ds-a82024d Firmware Hikvision ds-a72072r Firmware Hikvision ds-a71072r Hikvision ds-a80316s Firmware Hikvision ds-a71072r Firmware Hikvision ds-a71048 Firmware Hikvision ds-a72072r Hikvision ds-a80624s Hikvision ds-a71024 Firmware Hikvision ds-a72048r-cvs Hikvision ds-a82024d Hikvision Hikvision ds-a81016s Firmware Hikvision ds-a72048r-cvs Firmware Hikvision ds-a71048r-cvs Hikvision ds-a72024 Firmware Hikvision ds-a72024 Hikvision ds-a80316s Hikvision ds-a71048 Hikvision ds-a81016s Hikvision ds-a71024 |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:h:hikvision:ds-a80624s:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a80316s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a72048r-cvs_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a81016s:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a82024d:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71048r-cvs:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a72024_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a82024d_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71048_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71024_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71072r_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a80624s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a80316s:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71024:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a72024:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a72048r-cvs:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a72072r:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71048r-cvs_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71048:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a72072r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71072r:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a81016s_firmware:*:*:*:*:*:*:*:* |
27 Jun 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-27 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-28171
Mitre link : CVE-2022-28171
CVE.ORG link : CVE-2022-28171
JSON object : View
Products Affected
hikvision
- ds-a72048r-cvs
- ds-a72072r_firmware
- ds-a72072r
- ds-a71048
- ds-a80316s_firmware
- ds-a72024
- ds-a71024_firmware
- ds-a72024_firmware
- ds-a80624s_firmware
- ds-a82024d
- ds-a71048r-cvs
- ds-a81016s_firmware
- ds-a80624s
- ds-a82024d_firmware
- ds-a71024
- ds-a71048r-cvs_firmware
- ds-a71072r_firmware
- ds-a71072r
- ds-a80316s
- ds-a72048r-cvs_firmware
- ds-a81016s
- ds-a71048_firmware