The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
History
21 Nov 2024, 06:56
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.5 |
| References | () http://packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.html - Third Party Advisory, VDB Entry | |
| References | () https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/ - Vendor Advisory |
23 Feb 2023, 17:32
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
07 Jul 2022, 16:36
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/ - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
| CWE | CWE-79 | |
| CPE | cpe:2.3:o:hikvision:ds-a71024_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a81016s:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71072r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a80316s:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a82024d_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71048r-cvs:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a81016s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71024:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a72072r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a72048r-cvs:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a72024_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a72024:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71048_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a82024d:-:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a71048r-cvs_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a80624s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a72048r-cvs_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:hikvision:ds-a80316s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71072r:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a72072r:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a80624s:-:*:*:*:*:*:*:* cpe:2.3:h:hikvision:ds-a71048:-:*:*:*:*:*:*:* |
27 Jun 2022, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-06-27 18:15
Updated : 2024-11-21 06:56
NVD link : CVE-2022-28172
Mitre link : CVE-2022-28172
CVE.ORG link : CVE-2022-28172
JSON object : View
Products Affected
hikvision
- ds-a71024
- ds-a71072r
- ds-a80624s_firmware
- ds-a71048r-cvs
- ds-a72072r
- ds-a81016s_firmware
- ds-a80316s_firmware
- ds-a80316s
- ds-a72048r-cvs_firmware
- ds-a71072r_firmware
- ds-a82024d
- ds-a72072r_firmware
- ds-a82024d_firmware
- ds-a71024_firmware
- ds-a72024
- ds-a71048_firmware
- ds-a80624s
- ds-a72048r-cvs
- ds-a81016s
- ds-a72024_firmware
- ds-a71048
- ds-a71048r-cvs_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')