CVE-2022-28173

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hikvision:ds-3wf0ac-2nt_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-3wf0ac-2nt:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hikvision:ds-3wf01c-2n\/o_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-3wf01c-2n\/o:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:56

Type Values Removed Values Added
References () https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/ - Patch, Vendor Advisory () https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/ - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 9.1

Information

Published : 2022-12-19 16:15

Updated : 2024-11-21 06:56


NVD link : CVE-2022-28173

Mitre link : CVE-2022-28173

CVE.ORG link : CVE-2022-28173


JSON object : View

Products Affected

hikvision

  • ds-3wf0ac-2nt
  • ds-3wf0ac-2nt_firmware
  • ds-3wf01c-2n\/o
  • ds-3wf01c-2n\/o_firmware
CWE
CWE-284

Improper Access Control

NVD-CWE-Other