Skip to main content

Dss Express CVE-2022-45426

MEDIUM
Files or Directories Accessible to External Parties (CWE-552)
2022-12-27 cybersecurity@dahuatech.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 27, 2022 - 18:15 nvd
MEDIUM 6.5

DescriptionNVD

Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.

AnalysisAI

Some Dahua software products have a vulnerability of unrestricted download of file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-552. Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files. Affected products include: Dahuasecurity Dss Express, Dahuasecurity Dss Professional, Dahuasecurity Dhi-Dss7016D-S2 Firmware, Dahuasecurity Dhi-Dss7016Dr-S2 Firmware, Dahuasecurity Dhi-Dss4004-S2 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-45431 HIGH
7.5 Dec 27

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. Rated high severity (

CVE-2022-45429 HIGH
7.5 Dec 27

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). Rated high severity (CVSS 7.5),

CVE-2022-45425 HIGH
7.5 Dec 27

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. Rated high severity (CVSS 7.

CVE-2022-45423 HIGH
7.5 Dec 27

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. Rated high severity (C

CVE-2022-45427 HIGH
7.2 Dec 27

Some Dahua software products have a vulnerability of unrestricted upload of file. Rated high severity (CVSS 7.2), this v

CVE-2022-45434 MEDIUM
5.9 Dec 27

Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. Ra

CVE-2022-45432 MEDIUM
5.3 Dec 27

Some Dahua software products have a vulnerability of unauthenticated search for devices. Rated medium severity (CVSS 5.3

CVE-2022-45424 MEDIUM
5.3 Dec 27

Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. Rated medium severity (C

CVE-2022-45433 LOW
3.7 Dec 27

Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. Rated low s

CVE-2022-45430 LOW
3.7 Dec 27

Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. Rated low severity

CVE-2022-45428 LOW
2.7 Dec 27

Some Dahua software products have a vulnerability of sensitive information leakage. Rated low severity (CVSS 2.7), this

Share

CVE-2022-45426 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy