Skip to main content

Hitachi Kokusai Electric Inc.

Security information ID hitachi-sec-2022-001

Content of vulnerability

・Directory traversal(Viewing/Browsing files)[CVE-2022-37681/CWE-22]
・Can be rebooted externally without authentication. [CVE-2022-37680/CWE-306]

Target product

Product category Product model CVE Affected firmware version Latest firmware version
Camera HC-IP41HD CVE-2022-37681 Less than Ver1.04 Ver1.04 or later
HC-IP250HDA Less than Ver1.03 Ver1.03 or later
HC-IP267HD Less than Ver2.05 Ver2.05 or later
HC-IP277HD Less than Ver2.05 Ver2.05 or later
HC-IP400HD Less than Ver2.08 Ver2.08 or later
HC-IP1005HD Less than Ver1.02 Ver1.02 or later
HC-IP1200HD Less than Ver1.02 Ver1.02 or later
HC-IP3100HD Less than Ver1.15 Ver1.15 or later
HC-IP3100HDA Less than Ver1.06 Ver1.06 or later
HC-IP3050HD Less than Ver1.06 Ver1.06 or later
HC-IP3050HDA Less than Ver2.05 Ver2.05 or later
HC-IP9050HD Less than Ver1.21 Ver1.21 or later
HC-IP9100HD Less than Ver1.08 Ver1.08 or later
HC-IP6000HDP Less than Ver1.02 Ver1.02 or later
KV-H551HD Less than Ver1.02 Ver1.02 or later
KV-H551HDA Less than Ver2.05 Ver2.05 or later
KP-IP1020HD Less than Ver1.13 Ver1.13 or later
Encoder VG-IP2000 Less than Ver1.09 Ver1.09 or later
PT-IP1900T Less than Ver2.21 Ver2.21 or later
Decoder PT-IP2500R Less than Ver3.04 Ver3.04 or later
Camera HC-IP267HD(-S01) CVE-2022-37680 Less than Ver2.05 Ver2.05 or later
HC-IP400HD(-S01) Less than Ver2.08 Ver2.08 or later
HC-IP3050HDA(-S01) Less than Ver2.05 Ver2.05 or later
HC-IP9100HD Less than Ver1.08 Ver1.08 or later
KV-H551HDA(-S01) Less than Ver2.05 Ver2.05 or later
Encoder PT-IP1900T(-S01) Less than Ver3.05 Ver3.05 or later
Decoder PT-IP2500R(-S01) Less than Ver3.04 Ver3.04 or later

Countermeasure

Update the target firmware to a version of the latest.
For the latest firmware, please contact us.

Contact information

History of change

November 11, 2022:This security page is newly created and is sent.
※ Please note that the contents described on this page may be changed without notice.

Acknowledgment of appreciation

We would like to thank Thomas Knudsen and Samy Younsi for their reports on this vulnerability.