CVE-2022-28173
Summary
| CVE | CVE-2022-28173 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-19 16:15:00 UTC |
| Updated | 2022-12-29 18:46:00 UTC |
| Description | The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Hikvision | Ds-3wf01c-2n/o | - | All | All | All |
| Operating System | Hikvision | Ds-3wf01c-2n/o Firmware | All | All | All | All |
| Hardware | Hikvision | Ds-3wf0ac-2nt | - | All | All | All |
| Operating System | Hikvision | Ds-3wf0ac-2nt Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Notification - Access Control Vulnerability in Some Hikvision Wireless Bridge Products - Security Advisory - Hikvision | MISC | www.hikvision.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Souvik Kandar, Arko Dhar
There are currently no legacy QID mappings associated with this CVE.