Unauthorized Modification of Device Timestamp in Dahua Embedded Products
CVE-2022-30564

5.3MEDIUM

Key Information:

Vendor: Dahuasecurity
Status: Ipc-hx5xxx,ipc-hx7xxx,sd5a,sd22,sd59,nvr5xxx-i,nvr5xxx-i/l,nvr4xxx-i,nvr2xxx-i,xvrxxxx-i2,xvrxxxx-x
Vendor: CVE Published:; 9 February 2023

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2022-30564?

Dahua embedded products are susceptible to a vulnerability that enables unauthorized users to alter the device's system timestamp. This security flaw can be exploited by sending a specifically crafted packet to the vulnerable interface, allowing attackers to manipulate the device's time settings. Such changes can disrupt logging processes, interfere with time-sensitive functionalities, and create potential avenues for further exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IPC-HX5XXX,IPC-HX7XXX,SD5A,SD22,SD59,NVR5XXX-I,NVR5XXX-I/L,NVR4XXX-I,NVR2XXX-I,XVRXXXX-I2,XVRXXXX-X Versions which Build time between IPC:2018/12/01 –2020/12/21 SDXX:2018/10/27 - 2021/05/08 NVR:2018/04/29 - 2021/05/12 XVR:2019/06/15- 2021/10/24

References

https://www.dahuasecurity.com/support/cybersecurity/detai...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2023
Vulnerability Reserved
May 11, 2022

JSON

Dahuasecurity

What is CVE-2022-30564?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.