"Critical Vulnerability in Hikvision Wireless Bridges Allows CCTV Hacking"

Chinese video surveillance company Hikvision has recently patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV hacking, according to the researchers who found it. Hikvision, in an advisory published on December 16, revealed that two of its wireless bridge products, designed for elevator and other video surveillance systems, are affected by CVE-2022-28173, a critical access control vulnerability. The researchers stated that the security hole can be exploited by sending specially crafted messages to affected devices, allowing the attacker to gain administrator permissions. Firmware patches have been made available for DS-3WF0AC-2NT and DS-3WF01C-2N/O products. The issue was reported to the vendor in September through CERT India, and a patch was released earlier this month. The researchers explained that the flaw is caused by improper parameter handling by the product’s web-based management interface. An attacker can exploit the weakness to gain admin access to the management interface by sending a specially crafted request with a payload that does not exceed 200 bytes.

 

SecurityWeek reports: "Critical Vulnerability in Hikvision Wireless Bridges Allows CCTV Hacking"

Submitted by Anonymous on