CVE-2022-37680
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | unknown |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5
- https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html
References
- https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5
- https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.