12 matches found
CVE-2022-45423
The CVE-2022-45423 entry concerns Dahua software products vulnerable to unauthenticated requests for MQTT credentials. Affected component is the vulnerable interface handling MQTT credential requests; the underlying issue enables an attacker to obtain encrypted MQTT credentials by sending a craft...
CVE-2022-45427
The CVE-2022-45427 entry covers unrestricted file upload vulnerabilities in Dahua software products. The available connected documents describe that after an administrator gains permissions, an attacker can upload arbitrary files by sending a specially crafted packet to the vulnerable interface, ...
CVE-2022-45424
CVE-2022-45424 affects Dahua software products, where an unauthenticated request to a vulnerable interface can disclose the AES crypto key. The core vulnerability is the ability to obtain the AES key via a crafted packet sent over the network. According to the sources, the CVSS metrics indicate a...
CVE-2022-45434
CVE-2022-45434 affects Dahua software products with a vulnerable remote DSS Server. The issue allows unauthenticated, un-throttled ICMP requests after bypassing firewall access control by sending a crafted packet to the vulnerable interface, enabling an attacker to launch ICMP requests toward a d...
CVE-2022-45425
Affected software: Dahua software products. Issue: use of a hard-coded AES cryptographic key, enabling an attacker to obtain the AES key. Root cause cited across sources is hard-coded keys within the product set. Impact (per sources): confidentiality impact, high. Vector: network-based exploitati...
CVE-2022-45426
CVE-2022-45426 affects Dahua software products. The vulnerability allows unrestricted download of arbitrary files after an ordinary user gains permissions, by sending a specifically crafted packet to the vulnerable interface. Reported impacts include potential exposure of confidential data; explo...
CVE-2022-45431
CVE-2022-45431 affects Dahua software products. The vulnerability allows an attacker to cause an unauthenticated restart of the remote DSS Server by sending a crafted packet after bypassing firewall ACLs. Impact is high on availability; no explicit patch/version remediation is provided in the ava...
CVE-2022-45433
Technical details about CVE-2022-45433 are not publicly provided in the connected documents. No explicit affected products, versions, or fixes are disclosed here. Monitor the sources for updates and official advisories.
CVE-2022-45430
Summary: CVE-2022-45430 affects Dahua software products where an unauthenticated attacker can enable or disable the SSHD service by sending a crafted packet to a vulnerable interface after bypassing firewall access controls. What’s affected (per documents): Dahua software products with a vulnerab...
CVE-2022-45432
CVE-2022-45432 affects Dahua software products. The issue enables unauthenticated device discovery by bypassing firewall access controls and sending a crafted packet to the vulnerable interface, allowing an attacker to search for devices within an IP range from a remote DSS Server. Public details...
CVE-2022-45428
The CVE-2022-45428 entry concerns sensitive information leakage in Dahua software. Affected: certain Dahua software products (no specific versions provided). Condition: an attacker with administrator permissions can trigger leakage by sending a crafted packet to a vulnerable interface to obtain d...
CVE-2022-45429
Technical details are not publicly provided in the supplied documents. Monitor for updates from Dahua and related advisories regarding CVE-2022-45429.