Directory Traversal Vulnerability in Hitachi Kokusai Electric Network Monitoring Products
CVE-2022-37681

7.5HIGH

Key Information:

Vendor: Hitachi
Status: Hc-ip9100hd Firmware
Vendor: CVE Published:; 29 August 2022

Summary

A directory traversal vulnerability exists in Hitachi Kokusai Electric's network monitoring products, including Cameras, Decoders, and Encoders. Attackers can exploit this vulnerability to access restricted directories by crafting a malicious GET request directed at the endpoint /ptippage.cgi. This could potentially lead to unauthorized access to sensitive system files. A security advisory (hitachi-sec-2022-001) has been issued, providing guidance on the necessary patches to mitigate the risks associated with this vulnerability.

References

https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c...

third-party-advisorybroken-link

https://www.hitachi-kokusai.co.jp/global/en/products/info...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 29, 2022
Vulnerability Reserved
Aug 7, 2022

Credit

Thomas Knudsen

Samy Younsi