Showing 1 - 1 of 1

CVE-2022-28171

Status Candidate

Overview

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.

Related Files

Hikvision Remote Code Execution / XSS / SQL Injection: Posted Jan 31, 2023; Authored by Thurein Soe; Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.; tags | advisory, remote, arbitrary, vulnerability, code execution, xss, sql injection, ruby; advisories | CVE-2022-28171, CVE-2022-28172; SHA-256 | 9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 140 files
Ubuntu 105 files
Debian 17 files
LiquidWorm 10 files
Google Security Research 10 files
Rafael Pedrero 8 files
Abdulhakim Oner 8 files
Hubert Wojciechowski 6 files
nu11secur1ty 6 files
fearzzzz 5 files

File Archives

Systems

AIX (426)
Apple (1,951)
BSD (370)
CentOS (56)
Cisco (1,919)
Debian (6,713)
Fedora (1,691)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (338)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,119)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,919)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,442)
UNIX (9,207)
UnixWare (185)
Windows (6,532)
Other

CVE-2022-28171

Overview

Related Files

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems