Critical vulnerability in Hikvision systems allows attackers to spy on users

A critical vulnerability in Hikvision wireless bridges, if successfully exploited, allows hackers to gain full control over the affected device. The flaw has been assigned the identifier CVE-2022-28173. According to experts, it affects devices used to build wireless video surveillance systems. Hikvision itself describes the vulnerability as an access control bug.

“The web server of some Hikvision wireless bridges is vulnerable to access control that can be used to obtain the rights of the administrator. Having received such rights, the hacker can send fake messages to the touched devices,” the company’s report says.

The vulnerability was discovered by Redinent Innovations in August. Hikvision issued fixes for it on December 16. The researchers say the vulnerability existed because of improper handling of parameters in the bridge's management web interface.

“The attacker can use the vulnerability, sending fake messages to the affected devices. It is enough for the attacker to create one web request with a payload size of not more than 200 bytes to take advantage of the vulnerability and get the administrator’s rights in the management web interface,” the Redinent team's blog says.

Media reports cited above.