SEVERITY: CRITICAL

Redinent researchers discovered an authentication bypass vulnerability in Hikvision’s wireless bridge products.

Technical Details: The vulnerability exists due to improper parameter handling by the bridge’s web management interface. An attacker can exploit the vulnerability by sending crafted messages to the affected devices.

An attacker needs only a single web request with a crafted payload of no more than 200 bytes to exploit the vulnerability and gain administrative access to the web management interface. After exploitation, the administrative session persists with full access to all functions of the bridge interface.

Affected Versions

Product Name      Affected Versions
DS-3WF0AC-2NT     Versions below V1.1.0
DS-3WF01C-2N/O    Versions below V1.0.4

Hikvision has released a firmware version that fixes the vulnerability.
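
To triage a device inventory against the affected-version list above, the following Python check is an added example, not code from Redinent or Hikvision. The hostnames and firmware strings in the sample inventory are constructed, and the firmware string format ("V" followed by three dot-separated numbers, possibly with trailing text) is an assumption.

```python
import re

# Fixed-in versions, taken from the "Affected Versions" list in this advisory.
FIXED_IN = {
    "DS-3WF0AC-2NT": (1, 1, 0),
    "DS-3WF01C-2N/O": (1, 0, 4),
}

# Assumed firmware string format: optional "V", then major.minor.patch.
VERSION_RE = re.compile(r"[Vv]?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a string such as 'V1.0.10', else None."""
    match = VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def triage(model, firmware):
    """Classify one device: affected, fixed, not-listed or unknown-version."""
    fixed = FIXED_IN.get(model.strip().upper())
    if fixed is None:
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "unknown-version"  # cannot be cleared automatically; review by hand
    # Tuples compare numerically, so 1.0.10 ranks above 1.0.4 (a plain
    # string comparison would get this wrong).
    return "affected" if version < fixed else "fixed"


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}


# Constructed sample inventory: hostnames and firmware strings are made up.
SAMPLE_INVENTORY = [
    ("bridge-roof-01", "DS-3WF0AC-2NT", "V1.0.9"),
    ("bridge-roof-02", "DS-3WF0AC-2NT", "V1.1.0"),
    ("bridge-gate-01", "DS-3WF01C-2N/O", "V1.0.10 build 0001"),
    ("bridge-gate-02", "ds-3wf01c-2n/o", "V1.0.3"),
    ("bridge-yard-01", "DS-3WF01C-2N/O", ""),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown-version" should be checked manually rather than assumed patched.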

CVE ID: CVE-2022-28173
Hikvision Advisory: HSRC-202212-01

Timeline for coordinated disclosure (2022)

11-Aug – Vulnerability Discovered by Redinent Researchers
16-Sep – Vulnerability Disclosed to CERT India
27-Sep – CERT India registered vulnerability
4-Nov – Hikvision confirms vulnerability to CERT India. Asks for time to release a fix before public disclosure.
16-Dec – Redinent receives confirmation from CERT India that Hikvision has released a patched firmware version and a security advisory.

References:

https://www.hikvision.com/en/support/cybersecurity/security-advisory/access-control-vulnerability-in-some-hikvision-wireless-bridge-products/