CVE-2022-28171

HIGH

Hikvision Hybrid SAN/Cluster Storage Firmware < 2.3.8-6 - OS Command Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-28171. PoCs published by Thurein Soe, NyaMeeEain, aengussong.

AI-analyzed exploit summary: This exploit demonstrates a blind SQL injection vulnerability in Hikvision Hybrid SAN devices, allowing an attacker to enumerate the MySQL version by measuring response times. The PoC automates the process of checking for delays caused by injected SQL queries.

Description

The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device.

Exploits (3)

exploitdb WORKING POC
by Thurein Soe · python · remote · hardware
https://www.exploit-db.com/exploits/51607

This exploit demonstrates a blind SQL injection vulnerability in Hikvision Hybrid SAN devices, allowing an attacker to enumerate the MySQL version by measuring response times. The PoC automates the process of checking for delays caused by injected SQL queries.

Classification: Working Poc 90%
Attack Type: Sqli
Complexity: Moderate
Reliability: Reliable
Target: Hikvision Hybrid SAN Ds-a71024 Firmware and related models
No auth needed
Prerequisites: Network access to the target device · Target device running vulnerable firmware
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC 4 stars
by NyaMeeEain · poc
https://github.com/NyaMeeEain/CVE-2022-28171-POC

This repository contains a proof-of-concept for CVE-2022-28171, a vulnerability in Hikvision Hybrid SAN devices that allows for Blind SQL injection and command injection via the 'downloadtype' parameter in the 'dynamic_log.php' endpoint. The PoC includes a request body demonstrating the exploit.

Classification: Working Poc 90%
Attack Type: Sqli
Complexity: Moderate
Reliability: Reliable
Target: Hikvision Hybrid SAN Ds-a71024 Firmware and related versions
No auth needed
Prerequisites: Network access to the vulnerable device · Knowledge of the target IP and port
devstral-2 · analyzed Feb 16, 2026
nomisec SCANNER 2 stars
by aengussong · poc
https://github.com/aengussong/hikvision_probe

This repository contains a scanner for multiple Hikvision vulnerabilities, including CVE-2022-28171, which is a blind SQL injection vulnerability. The scanner checks for the presence of vulnerabilities by sending crafted requests and analyzing responses.

Classification: Scanner 90%
Attack Type: Sqli
Complexity: Moderate
Reliability: Reliable
Target: Hikvision devices
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.3933
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-77, CWE-78
Status: published
Products (11)
hikvision/ds-a71024_firmware < 2.3.8-6
hikvision/ds-a71048_firmware < 2.3.8-6
hikvision/ds-a71048r-cvs_firmware < 1.1.4
hikvision/ds-a71072r_firmware < 2.3.8-6
hikvision/ds-a72024_firmware < 2.3.8-6
hikvision/ds-a72048r-cvs_firmware < 1.1.4
hikvision/ds-a72072r_firmware < 2.3.8-6
hikvision/ds-a80316s_firmware < 2.3.8-6
hikvision/ds-a80624s_firmware < 2.3.8-6
hikvision/ds-a81016s_firmware < 2.3.8-6
... and 1 more
Published Jun 27, 2022
Tracked Since Feb 18, 2026