Sensitive Information Leakage in Dahua Software Products
CVE-2022-45428

2.7LOW

Key Information:

Vendor

Dahuasecurity

Status
Dss Professional, Dss Express, Dhi-dss7016d-s2/dhi-dss7016dr-s2, Dhi-dss4004-s2
Vendor
CVE Published:
27 December 2022

What is CVE-2022-45428?

Dahua software products contain a vulnerability that can lead to sensitive information leakage. An attacker who gains administrator permissions can exploit this flaw by sending a specifically crafted packet to a vulnerable interface, allowing them to retrieve sensitive debugging information. This poses a significant risk for users whose systems rely on these products, as it may expose sensitive data to unauthorized parties.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 V8.0.2, V8.0.4, V8.1

References

https://www.dahuasecurity.com/support/cybersecurity/detai...

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.