Lucene search
HistoryDec 27, 2022 - 6:15 p.m.
CVE-2022-45428
dahua
software vulnerability
sensitive information leakage
permissions
specific crafted packet
vulnerable interface
debugging information
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
23.2%
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.
Affected configurations
Node
dahuasecuritydss_expressMatch7.002.1760000.2
ORdahuasecuritydss_expressMatch8.0.2
ORdahuasecuritydss_expressMatch8.0.4
ORdahuasecuritydss_expressMatch8.1
ORdahuasecuritydss_expressMatch8.1.1
ORdahuasecuritydss_professionalMatch7.002.1760000.2
ORdahuasecuritydss_professionalMatch8.0.2
ORdahuasecuritydss_professionalMatch8.0.4
ORdahuasecuritydss_professionalMatch8.1
ORdahuasecuritydss_professionalMatch8.1.1
Node
dahuasecuritydhi-dss7016d-s2_firmwareMatch1.001.0000001.2
ORdahuasecuritydhi-dss7016d-s2_firmwareMatch8.0.2
ORdahuasecuritydhi-dss7016d-s2_firmwareMatch8.0.4
ORdahuasecuritydhi-dss7016d-s2_firmwareMatch8.1
dahuasecuritydhi-dss7016d-s2Match-
Node
dahuasecuritydhi-dss7016dr-s2_firmwareMatch1.001.0000001.2
ORdahuasecuritydhi-dss7016dr-s2_firmwareMatch8.0.2
ORdahuasecuritydhi-dss7016dr-s2_firmwareMatch8.0.4
ORdahuasecuritydhi-dss7016dr-s2_firmwareMatch8.1
dahuasecuritydhi-dss7016dr-s2Match-
Node
dahuasecuritydhi-dss4004-s2_firmwareMatch1.001.0000001.2
ORdahuasecuritydhi-dss4004-s2_firmwareMatch8.0.2
ORdahuasecuritydhi-dss4004-s2_firmwareMatch8.0.4
ORdahuasecuritydhi-dss4004-s2_firmwareMatch8.1
dahuasecuritydhi-dss4004-s2Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dahuasecurity | dss_express | 7.002.1760000.2 | cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:* |
| dahuasecurity | dss_express | 8.0.2 | cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:* |
| dahuasecurity | dss_express | 8.0.4 | cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:* |
| dahuasecurity | dss_express | 8.1 | cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:* |
| dahuasecurity | dss_express | 8.1.1 | cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:* |
| dahuasecurity | dss_professional | 7.002.1760000.2 | cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:* |
| dahuasecurity | dss_professional | 8.0.2 | cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:* |
| dahuasecurity | dss_professional | 8.0.4 | cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:* |
| dahuasecurity | dss_professional | 8.1 | cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:* |
| dahuasecurity | dss_professional | 8.1.1 | cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:* |
Related
prion
prion
Information disclosure
2022-12-27 18:15:00
cve
cve
CVE-2022-45428
2022-12-27 18:15:10
cvelist
cvelist
CVE-2022-45428
2022-12-27 00:00:00
CVSS3
2.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
23.2%
Related for NVD:CVE-2022-45428