Security information ID hitachi-sec-2022-001
・Directory traversal(Viewing/Browsing files)[CVE-2022-37681/CWE-22]
・Can be rebooted externally without authentication. [CVE-2022-37680/CWE-306]
Product category | Product model | CVE | Affected firmware version | Latest firmware version |
---|---|---|---|---|
Camera | HC-IP41HD | CVE-2022-37681 | Less than Ver1.04 | Ver1.04 or later |
HC-IP250HDA | Less than Ver1.03 | Ver1.03 or later | ||
HC-IP267HD | Less than Ver2.05 | Ver2.05 or later | ||
HC-IP277HD | Less than Ver2.05 | Ver2.05 or later | ||
HC-IP400HD | Less than Ver2.08 | Ver2.08 or later | ||
HC-IP1005HD | Less than Ver1.02 | Ver1.02 or later | ||
HC-IP1200HD | Less than Ver1.02 | Ver1.02 or later | ||
HC-IP3100HD | Less than Ver1.15 | Ver1.15 or later | ||
HC-IP3100HDA | Less than Ver1.06 | Ver1.06 or later | ||
HC-IP3050HD | Less than Ver1.06 | Ver1.06 or later | ||
HC-IP3050HDA | Less than Ver2.05 | Ver2.05 or later | ||
HC-IP9050HD | Less than Ver1.21 | Ver1.21 or later | ||
HC-IP9100HD | Less than Ver1.08 | Ver1.08 or later | ||
HC-IP6000HDP | Less than Ver1.02 | Ver1.02 or later | ||
KV-H551HD | Less than Ver1.02 | Ver1.02 or later | ||
KV-H551HDA | Less than Ver2.05 | Ver2.05 or later | ||
KP-IP1020HD | Less than Ver1.13 | Ver1.13 or later | ||
Encoder | VG-IP2000 | Less than Ver1.09 | Ver1.09 or later | |
PT-IP1900T | Less than Ver2.21 | Ver2.21 or later | ||
Decoder | PT-IP2500R | Less than Ver3.04 | Ver3.04 or later | |
Camera | HC-IP267HD(-S01) | CVE-2022-37680 | Less than Ver2.05 | Ver2.05 or later |
HC-IP400HD(-S01) | Less than Ver2.08 | Ver2.08 or later | ||
HC-IP3050HDA(-S01) | Less than Ver2.05 | Ver2.05 or later | ||
HC-IP9100HD | Less than Ver1.08 | Ver1.08 or later | ||
KV-H551HDA(-S01) | Less than Ver2.05 | Ver2.05 or later | ||
Encoder | PT-IP1900T(-S01) | Less than Ver3.05 | Ver3.05 or later | |
Decoder | PT-IP2500R(-S01) | Less than Ver3.04 | Ver3.04 or later |
Update the target firmware to a version of the latest.
For the latest firmware, please contact us.
November 11, 2022:This security page is newly created and is sent.
※ Please note that the contents described on this page may be changed without notice.
We would like to thank Thomas Knudsen and Samy Younsi for their reports on this vulnerability.