PT-2022-4498 · Isnex · Isnex Hc-Ip9050Hd

Published: 2022-08-29 · Updated: 2023-08-08 · CVE-2022-37680

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions

Hitachi Kokusai Electric Network products versions prior to the fixed version
ISnex HC-IP9100HD version 1.07 and below
ISnex HC-IP9050HD version not specified

Description

The issue is related to improper authentication for critical functions in Hitachi Kokusai Electric Network products, including monitoring system devices such as cameras, decoders, and encoders. This allows attackers to remotely reboot the device via a crafted POST request to the endpoint "/ptipupgrade.cgi". The vulnerability is associated with inadequate access control, which can be exploited by an attacker to gain full access to the device.

Recommendations

For Hitachi Kokusai Electric Network products, update to a version that includes the fixes provided in security information ID hitachi-sec-2022-001. For ISnex HC-IP9100HD version 1.07 and below, update to a version above 1.07. For ISnex HC-IP9050HD, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the "/ptipupgrade.cgi" endpoint until a patch is available.
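A log check to back up the temporary workaround, as an added example that is not part of the original advisory: it flags POST requests to "/ptipupgrade.cgi" that come from outside a management allow-list. The combined-log-format proxy log, the 10.20.0.0/24 management subnet and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

ENDPOINT = "/ptipupgrade.cgi"  # endpoint named in the advisory
# Assumption: only this management subnet may legitimately reach the endpoint.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]
# Combined log format (assumed): src ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalize_path(target):
    """Reduce a request target to a canonical lower-case path for comparison."""
    raw = target.split("?", 1)[0].split("#", 1)[0]    # drop query and fragment
    path = re.sub(r"/+", "/", "/" + unquote(raw))     # decode %xx, collapse slashes
    return posixpath.normpath(path).lower()           # resolve "." and ".." segments

def is_allowed(src):
    """True only if src parses as an IP inside an allowed management network."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_SOURCES)

def find_suspect_requests(lines):
    """Return (time, source, target, status) for out-of-policy POSTs to ENDPOINT."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) == ENDPOINT and not is_allowed(m["src"]):
            hits.append((m["ts"], m["src"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '10.20.0.15 - - [29/Aug/2022:10:01:02 +0000] "POST /ptipupgrade.cgi HTTP/1.1" 200 120',
    '203.0.113.7 - - [29/Aug/2022:10:05:44 +0000] "POST /ptipupgrade.cgi HTTP/1.1" 200 120',
    '198.51.100.9 - - [29/Aug/2022:10:06:10 +0000] "POST //ptipupgrade.cgi?x=1 HTTP/1.1" 403 0',
    '203.0.113.7 - - [29/Aug/2022:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ts, src, target, status in find_suspect_requests(SAMPLE_LOG):
        print(f"{ts} {src} POST {target} -> {status}")
```

A 403 on a flagged line means the access restriction held; a 200 from a non-management source means the request reached the device and the restriction needs fixing.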

Missing Authentication

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2022-05365
CVE-2022-37680

Affected Products

Hitachi Kokusai Electric Network Products
Isnex Hc-Ip9050Hd
Isnex Hc-Ip9100Hd