Main Vulnerability Database SB2022111406

SB2022111406 - Multiple vulnerabilities in Hitachi Kokusai Network products for monitoring system(Camera, Encoder, Decoder)

Published: November 14, 2022

Security Bulletin ID SB2022111406

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Missing Authentication for Critical Function (CVE-ID: CVE-2022-37680)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.

2) Path traversal (CVE-ID: CVE-2022-37681)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install update from vendor's website.

References

Vulnerable Software

HC-IP267HD(-S01): before 2.05
HC-IP400HD(-S01): before 2.08
HC-IP3050HDA(-S01): before 2.05
HC-IP9100HD: before 1.08
KV-H551HDA(-S01): before 2.05
PT-IP1900T(-S01): before 3.05
PT-IP2500R(-S01): before 3.04
HC-IP41HD: before 1.04
HC-IP250HDA: before 1.03
HC-IP267HD: before 2.05
HC-IP277HD: before 2.05
HC-IP400HD: before 2.08
HC-IP1005HD: before 1.02
HC-IP1200HD: before 1.02
HC-IP3100HD: before 1.15
HC-IP3100HDA: before 1.06
HC-IP3050HD: before 1.06
HC-IP3050HDA: before 2.05
HC-IP9050HD: before 1.21
HC-IP6000HDP: before 1.02
KV-H551HD: before 1.02
KV-H551HDA: before 2.05
KP-IP1020HD: before 1.13
VG-IP2000: before 1.09
PT-IP1900T: before 2.21
PT-IP2500R: before 3.04