CVE-2022-37680

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.

Un problema de autenticación inadecuada para una función crítica en los productos de red de Hitachi Kokusai Electric para el sistema de supervisión (cámara, decodificador y codificador) y siguientes permite a los atacantes reiniciar el dispositivo de forma remota a través de una solicitud POST manipulada en el punto final /ptipupgrade.cgi. La información de seguridad ID hitachi-sec-2022-001 contiene correcciones para el problema

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-08-07 CVE Reserved
2022-08-29 CVE Published
2024-03-21 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-306: Missing Authentication for Critical Function

CAPEC

References (2)

URL	Tag	Source
https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5	Broken Link

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hitachi Search vendor "Hitachi"	Hc-ip9100hd Firmware Search vendor "Hitachi" for product "Hc-ip9100hd Firmware"	<= 1.07 Search vendor "Hitachi" for product "Hc-ip9100hd Firmware" and version " <= 1.07"	-	Affected	in	Hitachi Search vendor "Hitachi"	Hc-ip9100hd Search vendor "Hitachi" for product "Hc-ip9100hd"	-	-	Safe