VYPR
Unrated severityNVD Advisory· Published Jun 27, 2022· Updated Sep 17, 2024

CVE-2022-28172

CVE-2022-28172

Description

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device.

Affected products

3
  • hikvision/DS-A71024/48/72R,DS-A80624S,DS-A81016S,DS-A72024/72R,DS-A80316S,DS-A82024Dv5
    Range: V2.X
  • hikvision/DS-A71024/48R-CVS,DS-A72024/48R-CVSv5
    Range: V1.X

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.