How severe is CVE-2022-28171?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2022-28171 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Hikvision Ds-a71024/48/72r,ds-a80624s,ds-a81016s,ds-a72024/72r,ds-a80316s,ds-a82024d

CVE-2022-28171

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Due to the insufficient input validation, attacker can exploit the vulnerability to execute restricted commands by sending mess…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.865 (99.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Hikvision Ds-a71024/48/72r,ds-a80624s,ds-a81016s,ds-a72024/72r,ds-a80316s,ds-a82024d — versions V2.X
Hikvision Ds-a71024/48r-cvs,ds-a72024/48r-cvs — versions V1.X

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2022-28171?: CVE-2022-28171 is a high-severity vulnerability in Hikvision Ds-a71024/48/72r,ds-a80624s,ds-a81016s,ds-a72024/72r,ds-a80316s,ds-a82024d, classified under OS Command Injection. CVSS score: 7.5/10. Published 2022-06-27.
How severe is CVE-2022-28171?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2022-28171 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.