CVE-2022-28172
Summary
| CVE | CVE-2022-28172 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-06-27 18:15:00 UTC |
| Updated | 2023-02-23 17:32:00 UTC |
| Description | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to carry out an XSS attack by sending messages with malicious commands to the affected device. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Hikvision | Ds-a71024 | - | All | All | All |
| Operating System | Hikvision | Ds-a71024 Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-a71048 | - | All | All | All |
| Hardware | Hikvision | Ds-a71048r-cvs | - | All | All | All |
| Operating System | Hikvision | Ds-a71048r-cvs Firmware | All | All | All | All |
| Operating System | Hikvision | Ds-a71048 Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-a71072r | - | All | All | All |
| Operating System | Hikvision | Ds-a71072r Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-a72024 | - | All | All | All |
| Operating System | Hikvision | Ds-a72024 Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-a72048r-cvs | - | All | All | All |
| Operating System | Hikvision | Ds-a72048r-cvs Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-a72072r | - | All | All | All |
| Operating System | Hikvision | Ds-a72072r Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-a80316s | - | All | All | All |
| Operating System | Hikvision | Ds-a80316s Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-a80624s | - | All | All | All |
| Operating System | Hikvision | Ds-a80624s Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-a81016s | - | All | All | All |
| Operating System | Hikvision | Ds-a81016s Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-a82024d | - | All | All | All |
| Operating System | Hikvision | Ds-a82024d Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Vulnerability in Some Hikvision Hybrid SAN Products - Security Advisory - Hikvision | MISC | www.hikvision.com | |
| Hikvision Remote Code Execution / XSS / SQL Injection ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Thurein Soe
There are currently no legacy QID mappings associated with this CVE.