Access Control Flaw in Hikvision Wireless Bridge Products
CVE-2022-28173

9.1CRITICAL

Key Information:

Vendor: Hikvision
Status: Ds-3wf0ac-2nt; Ds-3wf01c-2n/o
Vendor: CVE Published:; 19 December 2022

What is CVE-2022-28173?

Certain Hikvision wireless bridge products exhibit an access control vulnerability that allows unauthorized users to gain administrative permissions. Attackers can exploit this flaw by sending specially crafted messages to the affected devices, potentially compromising the security of the entire network. It is crucial for users to review their device configurations and apply necessary updates to mitigate this risk.

Affected Version(s)

DS-3WF01C-2N/O V1.0.4

DS-3WF0AC-2NT V1.1.0

References

https://www.hikvision.com/en/support/cybersecurity/securi...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2022
Vulnerability Reserved
Mar 29, 2022

Credit

Souvik Kandar, Arko Dhar