Vulnerability Description
The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hikvision | Ds-3Wf0Ac-2Nt Firmware | < 1.1.0 |
| Hikvision | Ds-3Wf0Ac-2Nt | - |
| Hikvision | Ds-3Wf01C-2N\/O Firmware | < 1.0.4 |
| Hikvision | Ds-3Wf01C-2N\/O | - |
Related Weaknesses (CWE)
References
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-contPatchVendor Advisory
- https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-contPatchVendor Advisory
FAQ
What is CVE-2022-28173?
CVE-2022-28173 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending c...
How severe is CVE-2022-28173?
CVE-2022-28173 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-28173?
Check the references section above for vendor advisories and patch information. Affected products include: Hikvision Ds-3Wf0Ac-2Nt Firmware, Hikvision Ds-3Wf0Ac-2Nt, Hikvision Ds-3Wf01C-2N\/O Firmware, Hikvision Ds-3Wf01C-2N\/O.