exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Hikvision Remote Code Execution / XSS / SQL Injection

Hikvision Remote Code Execution / XSS / SQL Injection
Posted Jan 31, 2023
Authored by Thurein Soe

Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.

tags | advisory, remote, arbitrary, vulnerability, code execution, xss, sql injection, ruby
advisories | CVE-2022-28171, CVE-2022-28172
SHA-256 | 9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10
Download | Favorite | View

Hikvision Remote Code Execution / XSS / SQL Injection

Change Mirror Download
Detailed Information
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Product Name: Hikvision
Vendor Home Page:  https://www.hikvision.com
Fixed Version: fixed versions were released by Hikvision
Vulnerability Type: CWE-78,89 and 94
CVE Numbers: CVE-2022-28171-CVE-2022-28172
Author of Advisory: Thurein Soe
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Vendor Description:

Hikvision is a world-leading surveillance manufacturer and supplier of
video surveillance and Internet of Things (IoT) equipment for civilian and
military purposes.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Vulnerability description:

Some Hikvision Hybrid SAN Products were vulnerable to multiple remote code
execution (command injection) vulnerabilities, including Reflected XSS,
Ruby code injection, classic and blind SQL injection resulting in remote
code execution that allows an adversary to execute arbitrary operating
system commands etc. However, an adversary must be on the same network to
leverage this vulnerability to execute arbitrary commands.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Vulnerable Versions:

Ds-a71024 Firmware
Ds-a71024 Firmware
Ds-a71048r-cvs Firmware
Ds-a71048 Firmware
Ds-a71072r Firmware
Ds-a71072r Firmware
Ds-a72024 Firmware
Ds-a72024 Firmware
Ds-a72048r-cvs Firmware
Ds-a72072r Firmware
Ds-a80316s Firmware
Ds-a80624s Firmware
Ds-a81016s Firmware
Ds-a82024d Firmware
Ds-a71048r-cvs
Ds-a71024
Ds-a71048
Ds-a71072r
Ds-a80624s
Ds-a82024d
Ds-a80316s
Ds-a81016s
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Credits:
Thurein Soe
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

References:
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-hybrid-san-products/
https://cve.report/CVE-2022-28171
------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Timeline:

11 March 2022: Found security vulnerabilities in a few Hikvision Hybrid SAN
Products
23 March 2022: Reported the finding to Hikvision Security Response Center
(HSRC) team
24 March 2022: Hikvision Security Response Center (HSRC) team requested
further details of reproduction steps and remediation
25 March 2022: Further details of reproduction and remediation steps sent
to the Hikvision Security Response Center (HSRC) team
26 March 2022: Hikvision Security Response Center (HSRC) team agreed to
issue only two CVEs due to multiple vulnerabilities in a single parameter
22 June 2022: Hikvision Release the Initial fixed Version for the affected
products in June 2022.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    53 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close