Unauthenticated Device Discovery Vulnerability in Dahua Software
CVE-2022-45432

5.3MEDIUM

Key Information:

Vendor: Dahuasecurity
Status: Dss Professional、dss Express、dhi-dss7016d-s2/dhi-dss7016dr-s2、dhi-dss4004-s2
Vendor: CVE Published:; 27 December 2022

🔔 Create Dahuasecurity Vulnerability Alert

What is CVE-2022-45432?

Dahua software products exhibit a vulnerability that allows attackers to perform an unauthenticated search for devices. This occurs after evading the firewall access control policy by sending a specially crafted packet to the vulnerable interface. As a result, an attacker can enumerate devices within a specified range of IP addresses from a remote DSS Server, compromising the integrity of network security and potentially exposing sensitive information.

Affected Version(s)

DSS Professional、DSS Express、DHI-DSS7016D-S2/DHI-DSS7016DR-S2、DHI-DSS4004-S2 V8.0.2, V8.0.4, V8.1

References

https://www.dahuasecurity.com/support/cybersecurity/detai...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 27, 2022
Vulnerability Reserved
Nov 14, 2022

CVE-2022-45432 Data

JSON