Detailed Information ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Product Name: Hikvision Vendor Home Page: https://www.hikvision.com Fixed Version: fixed versions were released by Hikvision Vulnerability Type: CWE-78,89 and 94 CVE Numbers: CVE-2022-28171-CVE-2022-28172 Author of Advisory: Thurein Soe ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Vendor Description: Hikvision is a world-leading surveillance manufacturer and supplier of video surveillance and Internet of Things (IoT) equipment for civilian and military purposes. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Vulnerability description: Some Hikvision Hybrid SAN Products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including Reflected XSS, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands etc. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Vulnerable Versions: Ds-a71024 Firmware Ds-a71024 Firmware Ds-a71048r-cvs Firmware Ds-a71048 Firmware Ds-a71072r Firmware Ds-a71072r Firmware Ds-a72024 Firmware Ds-a72024 Firmware Ds-a72048r-cvs Firmware Ds-a72072r Firmware Ds-a80316s Firmware Ds-a80624s Firmware Ds-a81016s Firmware Ds-a82024d Firmware Ds-a71048r-cvs Ds-a71024 Ds-a71048 Ds-a71072r Ds-a80624s Ds-a82024d Ds-a80316s Ds-a81016s ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Credits: Thurein Soe ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ References: https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/ https://cve.report/CVE-2022-28171 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Timeline: 11 March 2022: Found security vulnerabilities in a few Hikvision Hybrid SAN Products 23 March 2022: Reported the finding to Hikvision Security Response Center (HSRC) team 24 March 2022: Hikvision Security Response Center (HSRC) team requested further details of reproduction steps and remediation 25 March 2022: Further details of reproduction and remediation steps sent to the Hikvision Security Response Center (HSRC) team 26 March 2022: Hikvision Security Response Center (HSRC) team agreed to issue only two CVEs due to multiple vulnerabilities in a single parameter 22 June 2022: Hikvision Release the Initial fixed Version for the affected products in June 2022. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------