PT-2022-4503 · Isnex+1 · Isnex Hc-Ip9050Hd+2

Published 2022-08-29 · Updated 2022-11-14 · CVE-2022-37681

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions

Hitachi Kokusai Electric Network products, versions prior to the fixed version:
ISnex HC-IP9100HD version 1.07 and below
ISnex HC-IP9050HD version not specified

Description

The /ptippage.cgi component of the network camera video surveillance software does not correctly restrict a path name to a directory with limited access. This can allow a remote attacker to gain full access to the device. The vulnerability can be exploited via a crafted GET request to the /ptippage.cgi endpoint, allowing directory traversal.

Recommendations

For ISnex HC-IP9100HD version 1.07 and below: update to a version that contains a fix for the issue.
For ISnex HC-IP9050HD: at the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, consider restricting access to the /ptippage.cgi endpoint until a patch is available.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-05370
CVE-2022-37681

Affected Products

Hitachi Kokusai Electric Network Products
Isnex Hc-Ip9050Hd
Isnex Hc-Ip9100Hd