Unrated severityNVD Advisory· Published Jun 27, 2022· Updated Sep 16, 2024
CVE-2022-28171
CVE-2022-28171
Description
The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- hikvision/DS-A71024/48/72R,DS-A80624S,DS-A81016S,DS-A72024/72R,DS-A80316S,DS-A82024Dv5Range: V2.X
- hikvision/DS-A71024/48R-CVS,DS-A72024/48R-CVSv5Range: V1.X
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/170818/Hikvision-Remote-Code-Execution-XSS-SQL-Injection.htmlmitre
- packetstormsecurity.com/files/173653/Hikvision-Hybrid-SAN-Ds-a71024-SQL-Injection.htmlmitre
- www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/mitre
News mentions
0No linked articles in our index yet.