CVE-2022-28173

Summary

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.

Affected Software

VendorProductVersion RangeStatus
hikvisionDS-3WF0AC-2NTV1.1.0 < V1.1.0affected
hikvisionDS-3WF01C-2N/OV1.0.4 < V1.0.4affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References