Skip to main content

Dss Express CVE-2022-45425

HIGH
Use of Hard-coded Credentials (CWE-798)
2022-12-27 cybersecurity@dahuatech.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 27, 2022 - 18:15 nvd
HIGH 7.5

DescriptionNVD

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.

AnalysisAI

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. Affected products include: Dahuasecurity Dss Express, Dahuasecurity Dss Professional, Dahuasecurity Dhi-Dss7016D-S2 Firmware, Dahuasecurity Dhi-Dss7016Dr-S2 Firmware, Dahuasecurity Dhi-Dss4004-S2 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2022-45431 HIGH
7.5 Dec 27

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. Rated high severity (

CVE-2022-45429 HIGH
7.5 Dec 27

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). Rated high severity (CVSS 7.5),

CVE-2022-45423 HIGH
7.5 Dec 27

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. Rated high severity (C

CVE-2022-45427 HIGH
7.2 Dec 27

Some Dahua software products have a vulnerability of unrestricted upload of file. Rated high severity (CVSS 7.2), this v

CVE-2022-45426 MEDIUM
6.5 Dec 27

Some Dahua software products have a vulnerability of unrestricted download of file. Rated medium severity (CVSS 6.5), th

CVE-2022-45434 MEDIUM
5.9 Dec 27

Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. Ra

CVE-2022-45432 MEDIUM
5.3 Dec 27

Some Dahua software products have a vulnerability of unauthenticated search for devices. Rated medium severity (CVSS 5.3

CVE-2022-45424 MEDIUM
5.3 Dec 27

Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. Rated medium severity (C

CVE-2022-45433 LOW
3.7 Dec 27

Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. Rated low s

CVE-2022-45430 LOW
3.7 Dec 27

Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. Rated low severity

CVE-2022-45428 LOW
2.7 Dec 27

Some Dahua software products have a vulnerability of sensitive information leakage. Rated low severity (CVSS 2.7), this

Share

CVE-2022-45425 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy