// For flags

CVE-2022-37681

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.

Los productos Newtork de Hitachi Kokusai Electric para el sistema de monitorización (cámara, decodificador y codificador) y posteriores permiten que los atacantes realicen un recorrido de directorios a través de una solicitud GET manipulada al punto final /ptippage.cgi. La información de seguridad ID hitachi-sec-2022-001 contiene correcciones para el problema

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-08-07 CVE Reserved
  • 2022-08-29 CVE Published
  • 2024-03-21 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
  • CAPEC-139: Relative Path Traversal
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hitachi
Search vendor "Hitachi"
 Hc-ip9100hd Firmware
Search vendor "Hitachi" for product "Hc-ip9100hd Firmware"
 <= 1.07
Search vendor "Hitachi" for product "Hc-ip9100hd Firmware" and version " <= 1.07"
-
Affected
in Hitachi
Search vendor "Hitachi"
 Hc-ip9100hd
Search vendor "Hitachi" for product "Hc-ip9100hd"
--
Safe