CVE-2022-37681
HIGHHitachi HC-IP9100HD Firmware < 1.07 - Path Traversal via /ptippage.cgi GET Request
Title source: llmDescription
Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.
References (2)
Core 2
Core References
Various Sources third-party-advisory
broken-link
https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5
Various Sources vendor-advisory
https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html
Scores
CVSS v3
7.5
EPSS
0.0056
EPSS Percentile
68.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
hitachi/hc-ip9100hd_firmware
< 1.07
Published
Aug 29, 2022
Tracked Since
Feb 18, 2026