CVE-2022-37681

high

Description

Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the issue.

References

https://www.hitachi-kokusai.co.jp/global/en/products/info/vulnerable/hitachi-sec-2022-001/index.html

https://gist.github.com/Nwqda/5efea18c9142c6a966d85c6be2c0c2b5

Details

Source: Mitre, NVD

Published: 2022-08-29

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00283