what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Hikvision Remote Code Execution / XSS / SQL Injection

Hikvision Remote Code Execution / XSS / SQL Injection
Posted Jan 31, 2023
Authored by Thurein Soe

Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.

tags | advisory, remote, arbitrary, vulnerability, code execution, xss, sql injection, ruby
advisories | CVE-2022-28171, CVE-2022-28172
SHA-256 | 9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10

Hikvision Remote Code Execution / XSS / SQL Injection

Change Mirror Download
Detailed Information
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Product Name: Hikvision
Vendor Home Page: https://www.hikvision.com
Fixed Version: fixed versions were released by Hikvision
Vulnerability Type: CWE-78,89 and 94
CVE Numbers: CVE-2022-28171-CVE-2022-28172
Author of Advisory: Thurein Soe
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Vendor Description:

Hikvision is a world-leading surveillance manufacturer and supplier of
video surveillance and Internet of Things (IoT) equipment for civilian and
military purposes.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Vulnerability description:

Some Hikvision Hybrid SAN Products were vulnerable to multiple remote code
execution (command injection) vulnerabilities, including Reflected XSS,
Ruby code injection, classic and blind SQL injection resulting in remote
code execution that allows an adversary to execute arbitrary operating
system commands etc. However, an adversary must be on the same network to
leverage this vulnerability to execute arbitrary commands.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Vulnerable Versions:

Ds-a71024 Firmware
Ds-a71024 Firmware
Ds-a71048r-cvs Firmware
Ds-a71048 Firmware
Ds-a71072r Firmware
Ds-a71072r Firmware
Ds-a72024 Firmware
Ds-a72024 Firmware
Ds-a72048r-cvs Firmware
Ds-a72072r Firmware
Ds-a80316s Firmware
Ds-a80624s Firmware
Ds-a81016s Firmware
Ds-a82024d Firmware
Ds-a71048r-cvs
Ds-a71024
Ds-a71048
Ds-a71072r
Ds-a80624s
Ds-a82024d
Ds-a80316s
Ds-a81016s
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Credits:
Thurein Soe
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

References:
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/
https://cve.report/CVE-2022-28171
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Timeline:

11 March 2022: Found security vulnerabilities in a few Hikvision Hybrid SAN
Products
23 March 2022: Reported the finding to Hikvision Security Response Center
(HSRC) team
24 March 2022: Hikvision Security Response Center (HSRC) team requested
further details of reproduction steps and remediation
25 March 2022: Further details of reproduction and remediation steps sent
to the Hikvision Security Response Center (HSRC) team
26 March 2022: Hikvision Security Response Center (HSRC) team agreed to
issue only two CVEs due to multiple vulnerabilities in a single parameter
22 June 2022: Hikvision Release the Initial fixed Version for the affected
products in June 2022.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close