Lucene search
+L
DahuasecurityDss Express

12 matches found

CVE
CVE
added 2022/12/27 12:0 a.m.100 views

CVE-2022-45423

The CVE-2022-45423 entry concerns Dahua software products vulnerable to unauthenticated requests for MQTT credentials. Affected component is the vulnerable interface handling MQTT credential requests; the underlying issue enables an attacker to obtain encrypted MQTT credentials by sending a craft...

7.5CVSS7.5AI score0.00572EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.97 views

CVE-2022-45427

The CVE-2022-45427 entry covers unrestricted file upload vulnerabilities in Dahua software products. The available connected documents describe that after an administrator gains permissions, an attacker can upload arbitrary files by sending a specially crafted packet to the vulnerable interface, ...

7.2CVSS7AI score0.007EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.94 views

CVE-2022-45424

CVE-2022-45424 affects Dahua software products, where an unauthenticated request to a vulnerable interface can disclose the AES crypto key. The core vulnerability is the ability to obtain the AES key via a crafted packet sent over the network. According to the sources, the CVSS metrics indicate a...

5.3CVSS5.3AI score0.00679EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.93 views

CVE-2022-45434

CVE-2022-45434 affects Dahua software products with a vulnerable remote DSS Server. The issue allows unauthenticated, un-throttled ICMP requests after bypassing firewall access control by sending a crafted packet to the vulnerable interface, enabling an attacker to launch ICMP requests toward a d...

5.9CVSS5.8AI score0.00661EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.87 views

CVE-2022-45425

Affected software: Dahua software products. Issue: use of a hard-coded AES cryptographic key, enabling an attacker to obtain the AES key. Root cause cited across sources is hard-coded keys within the product set. Impact (per sources): confidentiality impact, high. Vector: network-based exploitati...

7.5CVSS7.5AI score0.0053EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.87 views

CVE-2022-45426

CVE-2022-45426 affects Dahua software products. The vulnerability allows unrestricted download of arbitrary files after an ordinary user gains permissions, by sending a specifically crafted packet to the vulnerable interface. Reported impacts include potential exposure of confidential data; explo...

6.5CVSS6.4AI score0.00584EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.87 views

CVE-2022-45431

CVE-2022-45431 affects Dahua software products. The vulnerability allows an attacker to cause an unauthenticated restart of the remote DSS Server by sending a crafted packet after bypassing firewall ACLs. Impact is high on availability; no explicit patch/version remediation is provided in the ava...

7.5CVSS7.5AI score0.00642EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.86 views

CVE-2022-45433

Technical details about CVE-2022-45433 are not publicly provided in the connected documents. No explicit affected products, versions, or fixes are disclosed here. Monitor the sources for updates and official advisories.

3.7CVSS4.5AI score0.00625EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.84 views

CVE-2022-45430

Summary: CVE-2022-45430 affects Dahua software products where an unauthenticated attacker can enable or disable the SSHD service by sending a crafted packet to a vulnerable interface after bypassing firewall access controls. What’s affected (per documents): Dahua software products with a vulnerab...

3.7CVSS4.4AI score0.00414EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.82 views

CVE-2022-45432

CVE-2022-45432 affects Dahua software products. The issue enables unauthenticated device discovery by bypassing firewall access controls and sending a crafted packet to the vulnerable interface, allowing an attacker to search for devices within an IP range from a remote DSS Server. Public details...

5.3CVSS5.4AI score0.00699EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.77 views

CVE-2022-45428

The CVE-2022-45428 entry concerns sensitive information leakage in Dahua software. Affected: certain Dahua software products (no specific versions provided). Condition: an attacker with administrator permissions can trigger leakage by sending a crafted packet to a vulnerable interface to obtain d...

2.7CVSS3.8AI score0.00678EPSS
CVE
CVE
added 2022/12/27 12:0 a.m.75 views

CVE-2022-45429

Technical details are not publicly provided in the supplied documents. Monitor for updates from Dahua and related advisories regarding CVE-2022-45429.

7.5CVSS7.5AI score0.0053EPSS