
36 vulnerabilities found for dss_professional by dahuasecurity

FKIE_CVE-2022-45428

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-14 14:15
Summary
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen la vulnerabilidad de fuga de informaci\u00f3n confidencial. Despu\u00e9s de obtener los permisos de los administradores, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante puede obtener la informaci\u00f3n de depuraci\u00f3n."
    }
  ],
  "id": "CVE-2022-45428",
  "lastModified": "2025-04-14T14:15:20.990",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.650",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-201"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45426

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-14 14:15
Summary
Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de descarga de archivos sin restricciones. Despu\u00e9s de obtener los permisos de los usuarios normales, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante puede descargar archivos arbitrarios."
    }
  ],
  "id": "CVE-2022-45426",
  "lastModified": "2025-04-14T14:15:20.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.553",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45424

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-14 14:15
Summary
Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de solicitud no autenticada de clave criptogr\u00e1fica AES. Un atacante puede obtener la clave criptogr\u00e1fica AES enviando un paquete dise\u00f1ado espec\u00edficamente a la interfaz vulnerable."
    }
  ],
  "id": "CVE-2022-45424",
  "lastModified": "2025-04-14T14:15:20.313",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.450",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45431

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-11 23:15
Summary
Some Dahua software products have a vulnerability that allows an unauthenticated restart of the remote DSS Server. After bypassing the firewall access control policy, an attacker could restart the remote DSS Server without authentication by sending a specifically crafted packet to the vulnerable interface.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de reinicio no autenticado del servidor DSS remoto. Despu\u00e9s de omitir la pol\u00edtica de control de acceso del firewall, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante podr\u00eda reiniciar sin autenticar el servidor DSS remoto."
    }
  ],
  "id": "CVE-2022-45431",
  "lastModified": "2025-04-11T23:15:27.477",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.793",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45425

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-14 14:15
Summary
Some Dahua software products are vulnerable because they use a hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen la vulnerabilidad de utilizar claves criptogr\u00e1ficas codificadas. Un atacante puede obtener la clave criptogr\u00e1fica AES explotando esta vulnerabilidad."
    }
  ],
  "id": "CVE-2022-45425",
  "lastModified": "2025-04-14T14:15:20.493",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.500",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45432

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-14 14:15
Summary
Some Dahua software products have a vulnerability that allows an unauthenticated search for devices. After bypassing the firewall access control policy, an attacker could, without authentication, search for devices in a range of IPs from the remote DSS Server by sending a specially crafted packet to the vulnerable interface.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen la vulnerabilidad de b\u00fasqueda de dispositivos no autenticados. Despu\u00e9s de omitir la pol\u00edtica de control de acceso del firewall, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante podr\u00eda buscar dispositivos no autenticados en un rango de IP desde el servidor DSS remoto."
    }
  ],
  "id": "CVE-2022-45432",
  "lastModified": "2025-04-14T14:15:21.160",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.847",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45427

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-14 14:15
Summary
Some Dahua software products have an unrestricted file upload vulnerability. After obtaining administrator permissions, an attacker can upload arbitrary files by sending a specially crafted packet to the vulnerable interface.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de carga de archivos sin restricciones. Despu\u00e9s de obtener los permisos de los administradores, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante puede cargar archivos arbitrarios."
    }
  ],
  "id": "CVE-2022-45427",
  "lastModified": "2025-04-14T14:15:20.827",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.600",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45430

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-11 23:15
Summary
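Some Dahua software products have a vulnerability that allows the SSHD service to be enabled or disabled without authentication. After bypassing the firewall access control policy, an attacker could enable or disable the SSHD service by sending a specially crafted packet to the vulnerable interface. The record below scores this 3.7 (LOW) under CVSS 3.1 with attack complexity HIGH; the primary source lists the weakness as NVD-CWE-noinfo and the secondary source lists CWE-284.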

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen la vulnerabilidad de habilitar o deshabilitar el servicio SSHD sin autenticaci\u00f3n. Despu\u00e9s de omitir la pol\u00edtica de control de acceso del firewall, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante podr\u00eda habilitar o deshabilitar el servicio SSHD."
    }
  ],
  "id": "CVE-2022-45430",
  "lastModified": "2025-04-11T23:15:27.287",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.743",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45423

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-14 13:15
Summary
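Some Dahua software products have a vulnerability that allows MQTT credentials to be requested without authentication. An attacker can obtain encrypted MQTT credentials by sending a specially crafted packet to the vulnerable interface (the credentials cannot be directly exploited). The record below classifies this as CWE-306 and scores it 7.5 (HIGH) under CVSS 3.1, with no privileges required.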

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited)."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de solicitud no autenticada de credenciales MQTT. Un atacante puede obtener credenciales MQTT cifradas enviando un paquete manipulado espec\u00edficamente a la interfaz vulnerable (las credenciales no pueden explotarse directamente)."
    }
  ],
  "id": "CVE-2022-45423",
  "lastModified": "2025-04-14T13:15:15.970",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.390",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45429

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-12 00:15
Summary
Some Dahua software products have a server-side request forgery (SSRF) vulnerability. An attacker can access internal resources by concatenating links (URLs) that conform to specific rules.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de server-side request forgery (SSRF). Un atacante puede acceder a recursos internos concatenando enlaces (URL) que se ajusten a reglas espec\u00edficas."
    }
  ],
  "id": "CVE-2022-45429",
  "lastModified": "2025-04-12T00:15:16.660",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.693",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45434

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-14 13:15
Summary
Some Dahua software products have a vulnerability that allows unauthenticated, un-throttled ICMP requests on the remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch an ICMP request attack against the designated target host.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de solicitudes ICMP no autenticadas y no limitadas en un servidor DSS remoto. Despu\u00e9s de omitir la pol\u00edtica de control de acceso del firewall, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante podr\u00eda explotar el servidor v\u00edctima para lanzar un ataque de solicitud ICMP al host de destino designado."
    }
  ],
  "id": "CVE-2022-45434",
  "lastModified": "2025-04-14T13:15:16.190",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.970",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-45433

Vulnerability from fkie_nvd - Published: 2022-12-27 18:15 - Updated: 2025-04-14 14:15
Summary
Some Dahua software products have a vulnerability that allows an unauthenticated traceroute of a host from the remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results."
    },
    {
      "lang": "es",
      "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de host de traceroute no autenticado desde un servidor DSS remoto. Despu\u00e9s de omitir la pol\u00edtica de control de acceso del firewall, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante podr\u00eda obtener los resultados del traceroute."
    }
  ],
  "id": "CVE-2022-45433",
  "lastModified": "2025-04-14T14:15:21.313",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-27T18:15:10.907",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2022-45429 (GCVE-0-2022-45429)

Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:11
Summary
Some Dahua software products have a server-side request forgery (SSRF) vulnerability. An attacker can access internal resources by concatenating links (URLs) that conform to specific rules.
CWE
  • Server-Side Request Forgery (SSRF)
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T23:09:35.603698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T23:11:09.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45429",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-11T23:11:09.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45431 (GCVE-0-2022-45431)

Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:07
Summary
Some Dahua software products have a vulnerability that allows an unauthenticated restart of the remote DSS Server. After bypassing the firewall access control policy, an attacker could restart the remote DSS Server without authentication by sending a specially crafted packet to the vulnerable interface.
CWE
  • Improper Access Control
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T23:06:20.607432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T23:07:11.025Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45431",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-11T23:07:11.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45430 (GCVE-0-2022-45430)

Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:08
Summary
Some Dahua software products have a vulnerability that allows the SSHD service to be enabled or disabled without authentication. After bypassing the firewall access control policy, an attacker could enable or disable the SSHD service by sending a specially crafted packet to the vulnerable interface.
CWE
  • Improper Access Control
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:56.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45430",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T23:08:00.563892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T23:08:54.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45430",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-11T23:08:54.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45433 (GCVE-0-2022-45433)

Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:05
Summary
Some Dahua software products have a vulnerability that allows an unauthenticated traceroute to a host from the remote DSS Server. After bypassing the firewall access control policy, an attacker could obtain the traceroute results by sending a specially crafted packet to the vulnerable interface.
CWE
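  • Improper Access Control (CNA-supplied text; the CISA ADP container in the record below assigns CWE-306 Missing Authentication for Critical Function)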
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45433",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:05:16.598801Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:05:43.020Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45433",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:05:43.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45423 (GCVE-0-2022-45423)

Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:00
Summary
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).
CWE
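  • Missing Authorization (CNA-supplied text; the CISA ADP container in the record below assigns CWE-306 Missing Authentication for Critical Function, which matches the "unauthenticated request" wording of the summary)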
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45423",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T12:59:47.911295Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:00:23.939Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing Authorization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45423",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:00:23.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45432 (GCVE-0-2022-45432)

Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:08
Summary
Some Dahua software products have a vulnerability that allows an unauthenticated search for devices. After bypassing the firewall access control policy, an attacker could, without authentication, search for devices in a range of IP addresses from the remote DSS Server by sending a specially crafted packet to the vulnerable interface.
CWE
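  • Improper Access Control (CNA-supplied text; the CISA ADP container in the record below assigns CWE-306 Missing Authentication for Critical Function)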
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional、DSS Express、DHI-DSS7016D-S2/DHI-DSS7016DR-S2、DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:56.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:08:04.274952Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:08:12.283Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional\u3001DSS Express\u3001DHI-DSS7016D-S2/DHI-DSS7016DR-S2\u3001DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45432",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:08:12.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45427 (GCVE-0-2022-45427)

Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:18
Summary
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.
CWE
  • Unrestricted Upload of File with Dangerous Type
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:56.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45427",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:17:28.324911Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:18:05.574Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45427",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:18:05.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45428 (GCVE-0-2022-45428)

Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:16
Summary
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.
CWE
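  • Exposure of Sensitive Information to an Unauthorized Actor (CNA-supplied text; the CISA ADP container in the record below assigns CWE-201 Insertion of Sensitive Information Into Sent Data)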
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 2.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:15:59.647603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-201",
                "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:16:52.157Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional,  DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45428",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:16:52.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45425 (GCVE-0-2022-45425)

Vulnerability from cvelistv5 – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:22
Summary
Some Dahua software products have a vulnerability involving the use of a hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.
CWE
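  • Use of Hard-coded Cryptographic Key (CNA-supplied text; the CISA-ADP container in the record below classifies this as CWE-798 Use of Hard-coded Credentials)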
Assigner: dahua
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:20:00.361857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-798",
                "description": "CWE-798 Use of Hard-coded Credentials",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:22:30.367Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45425",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:22:30.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45429 (GCVE-0-2022-45429)

Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:11
Summary
Some Dahua software products have a server-side request forgery (SSRF) vulnerability. An attacker can access internal resources by concatenating links (URLs) that conform to specific rules.
CWE
  • Server-Side Request Forgery (SSRF)
Assigner: dahua
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T23:09:35.603698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T23:11:09.562Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45429",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-11T23:11:09.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45431 (GCVE-0-2022-45431)

Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:07
Summary
Some Dahua software products have a vulnerability that allows an unauthenticated restart of the remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could restart the remote DSS Server without authentication.
CWE
  • Improper Access Control
Assigner: dahua
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T23:06:20.607432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T23:07:11.025Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45431",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-11T23:07:11.025Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45430 (GCVE-0-2022-45430)

Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-11 23:08
Summary
Some Dahua software products have a vulnerability that allows the SSHD service to be enabled or disabled without authentication. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service.
CWE
  • Improper Access Control
Assigner: dahua
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:56.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45430",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-11T23:08:00.563892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-11T23:08:54.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45430",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-11T23:08:54.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45433 (GCVE-0-2022-45433)

Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:05
Summary
Some Dahua software products have a vulnerability that allows an unauthenticated traceroute to a host from the remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.
CWE
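  • Improper Access Control (CNA-supplied text; the CISA-ADP container in the record below classifies this as CWE-306 Missing Authentication for Critical Function)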
Assigner: dahua
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 3.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45433",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:05:16.598801Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:05:43.020Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45433",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:05:43.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45423 (GCVE-0-2022-45423)

Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:00
Summary
Some Dahua software products have a vulnerability that allows MQTT credentials to be requested without authentication. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).
CWE
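  • Missing Authorization (CNA-supplied text; the CISA-ADP container in the record below classifies this as CWE-306 Missing Authentication for Critical Function)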
Assigner: dahua
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45423",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T12:59:47.911295Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:00:23.939Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing Authorization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45423",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:00:23.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45432 (GCVE-0-2022-45432)

Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:08
Summary
Some Dahua software products have a vulnerability that allows an unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could, without authentication, search for devices in a range of IPs from the remote DSS Server.
CWE
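  • Improper Access Control (CNA-supplied text; the CISA-ADP container in the record below classifies this as CWE-306 Missing Authentication for Critical Function)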
Assigner: dahua
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:56.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:08:04.274952Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:08:12.283Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional\u3001DSS Express\u3001DHI-DSS7016D-S2/DHI-DSS7016DR-S2\u3001DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45432",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:08:12.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45427 (GCVE-0-2022-45427)

Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:18
Summary
Some Dahua software products have an unrestricted file upload vulnerability. After obtaining administrator permissions, an attacker can upload arbitrary files by sending a specially crafted packet to the vulnerable interface.
CWE
  • Unrestricted Upload of File with Dangerous Type
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:56.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45427",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:17:28.324911Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:18:05.574Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45427",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:18:05.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45428 (GCVE-0-2022-45428)

Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:16
Summary
Some Dahua software products have a sensitive information leakage vulnerability. After obtaining administrator permissions, an attacker can obtain debugging information by sending a specially crafted packet to the vulnerable interface.
CWE
  • Exposure of Sensitive Information to an Unauthorized Actor
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 2.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:15:59.647603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-201",
                "description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:16:52.157Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional,  DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45428",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:16:52.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-45425 (GCVE-0-2022-45425)

Vulnerability from nvd – Published: 2022-12-27 00:00 – Updated: 2025-04-14 13:22
Summary
Some Dahua software products have a vulnerability involving the use of a hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.
CWE
  • Use of Hard-coded Cryptographic Key
Assigner
Impacted products
Vendor Product Version
n/a DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 Affected: V8.0.2, V8.0.4, V8.1

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:09:57.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-45425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-14T13:20:00.361857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-798",
                "description": "CWE-798 Use of Hard-coded Credentials",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-14T13:22:30.367Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "V8.0.2, V8.0.4, V8.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of Hard-coded Cryptographic Key",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-27T00:00:00.000Z",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2022-45425",
    "datePublished": "2022-12-27T00:00:00.000Z",
    "dateReserved": "2022-11-14T00:00:00.000Z",
    "dateUpdated": "2025-04-14T13:22:30.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}