Overview
- Description
- The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.
- Source
- hsrc@hikvision.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- hsrc@hikvision.com
- CWE-284
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hikvision:ds-3wf0ac-2nt:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D47A2B2F-B773-4558-AE27-F01CBC5C1CFB"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hikvision:ds-3wf0ac-2nt_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "239170FE-29F9-4BF7-A4EB-B2CFAA12ECEA",
"versionEndExcluding": "1.1.0"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:hikvision:ds-3wf01c-2n\\/o:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0718BCFA-1B78-44F9-9730-F99DB7CA830B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hikvision:ds-3wf01c-2n\\/o_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "458507EA-74A7-4C7E-BD46-7F1EB71B651D",
"versionEndExcluding": "1.0.4"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]