CVE-2022-28171
The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
hikvision · DS-A71024/48/72R, DS-A80624S, DS-A81016S, DS-A72024/72R, DS-A80316S, DS-A82024D
hikvision · DS-A71024/48R-CVS, DS-A72024/48R-CVS
Public PoCs found: 5
github · github.com/NyaMeeEain/CVE-2022-28171-POC · ★ 4
github · github.com/aengussong/hikvision_probe · ★ 3
cve_reference · packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html · unverified
cve_reference · packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html · unverified
exploitdb · www.exploit-db.com/exploits/51607 · unverified
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html
http://packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/