CVE-2022-28171
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
hikvision · DS-A71024/48/72R, DS-A80624S, DS-A81016S, DS-A72024/72R, DS-A80316S, DS-A82024D
hikvision · DS-A71024/48R-CVS, DS-A72024/48R-CVS
Public PoCs found: 5
github · github.com/NyaMeeEain/CVE-2022-28171-POC · ★ 4
github · github.com/aengussong/hikvision_probe · ★ 3
cve_reference · packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html · unverified
cve_reference · packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html · unverified
exploitdb · www.exploit-db.com/exploits/51607 · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html
http://packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/