Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-37681

Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.

Published

2022-08-29T23:15:08.733

Last Modified

2024-11-21T07:15:04.670

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	hitachi	hc-ip9100hd_firmware	≤ 1.07	Yes
Hardware	hitachi	hc-ip9100hd	-	No

References

https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5 ([email protected])
https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html ([email protected])
https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5 (af854a3a-2127-422b-91ae-364da2661108)
https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html (af854a3a-2127-422b-91ae-364da2661108)