Unauthenticated Remote Restart Vulnerability in Dahua Software Products
CVE-2022-45431

7.5 HIGH

What is CVE-2022-45431?

Dahua software products are exposed to a security vulnerability that allows unauthenticated attackers to remotely restart the DSS Server. By bypassing the firewall access control policies, an attacker can send a specially crafted packet targeting the vulnerable interface, enabling unauthorized control over the system. This raises significant security concerns for users relying on Dahua's software for their operations.

Affected Version(s)

DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2 V8.0.2, V8.0.4, V8.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
