Dss Express
CVE-2022-45425
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.
AnalysisAI
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. Affected products include: Dahuasecurity Dss Express, Dahuasecurity Dss Professional, Dahuasecurity Dhi-Dss7016D-S2 Firmware, Dahuasecurity Dhi-Dss7016Dr-S2 Firmware, Dahuasecurity Dhi-Dss4004-S2 Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
More in Dss Express
View allSome Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. Rated high severity (
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). Rated high severity (CVSS 7.5),
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. Rated high severity (C
Some Dahua software products have a vulnerability of unrestricted upload of file. Rated high severity (CVSS 7.2), this v
Some Dahua software products have a vulnerability of unrestricted download of file. Rated medium severity (CVSS 6.5), th
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. Ra
Some Dahua software products have a vulnerability of unauthenticated search for devices. Rated medium severity (CVSS 5.3
Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. Rated medium severity (C
Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. Rated low s
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. Rated low severity
Some Dahua software products have a vulnerability of sensitive information leakage. Rated low severity (CVSS 2.7), this
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today