The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
References
Link | Resource |
---|---|
https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/ | Patch Vendor Advisory |
Configurations
History
29 Dec 2022, 18:46
Type | Values Removed | Values Added |
---|---|---|
First Time |
Hikvision ds-3wf0ac-2nt
Hikvision ds-3wf01c-2n\/o Hikvision ds-3wf0ac-2nt Firmware Hikvision ds-3wf01c-2n\/o Firmware Hikvision |
|
CPE | cpe:2.3:o:hikvision:ds-3wf0ac-2nt_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-3wf01c-2n\/o_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-3wf0ac-2nt:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-3wf01c-2n\/o:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | NVD-CWE-Other | |
References | (MISC) https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/ - Patch, Vendor Advisory |
19 Dec 2022, 16:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-19 16:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-28173
Mitre link : CVE-2022-28173
CVE.ORG link : CVE-2022-28173
JSON object : View
Products Affected
hikvision
- ds-3wf01c-2n\/o_firmware
- ds-3wf01c-2n\/o
- ds-3wf0ac-2nt
- ds-3wf0ac-2nt_firmware
CWE