Showing 1 - 1 of 1

CVE-2022-28172

Status Candidate

Overview

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to XSS attack by sending messages with malicious commands to the affected device.

Related Files

Hikvision Remote Code Execution / XSS / SQL Injection: Posted Jan 31, 2023; Authored by Thurein Soe; Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.; tags | advisory, remote, arbitrary, vulnerability, code execution, xss, sql injection, ruby; advisories | CVE-2022-28171, CVE-2022-28172; SHA-256 | 9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 66 files
Debian 33 files
Gentoo 28 files
LiquidWorm 10 files
nu11secur1ty 7 files
Adam Gowdiak 4 files
gabe_k 3 files
liquidsky 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,036)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,495)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,567)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,739)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,489)
UNIX (9,397)
UnixWare (187)
Windows (6,656)
Other

CVE-2022-28172

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems