CVE-2022-28173

Published: Dec 19, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

Affected (2)

Products: Hikvision: Ds 3wf0ac 2nt Firmware, Ds 3wf01c 2n/o Firmware

Hikvision

2 products

Ds 3wf0ac 2nt Firmware

Ds 3wf01c 2n/o Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds 3wf0ac 2nt Firmware	Before 1.1.0

Running on/with	Platform Versions
Hikvision Ds 3wf0ac 2nt	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds 3wf01c 2n/o Firmware	Before 1.0.4

Running on/with	Platform Versions
Hikvision Ds 3wf01c 2n/o	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/

Source: hsrc@hikvision.com

PatchVendor Advisory

https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.