Man-in-the-Middle Attack Vulnerability in Dahua Devices
CVE-2022-30562

4.7MEDIUM

Key Information:

Vendor: Dahuasecurity
Status: Ipchdbw2xxx Ipchfw2xxx Asi7xxxx
Vendor: CVE Published:; 28 June 2022

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2022-30562?

An exposed security flaw in Dahua devices occurs when the HTTPS function is enabled, which allows an attacker to perform a man-in-the-middle attack. By injecting a malicious URL into the Host header of an HTTP request, the attacker can alter the user's request and redirect them to a website controlled by the attacker, leading to potential data exposure or further exploitation.

Affected Version(s)

IPCHDBW2XXX IPCHFW2XXX ASI7XXXX Versions which Build time before April, 2022

References

https://www.dahuasecurity.com/support/cybersecurity/detai...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2022
Vulnerability Reserved
May 11, 2022

CVE-2022-30562 Data

JSON