Dss Professional Security Vulnerabilities and Issues — Dss Professional CVE List

Lucene search

DahuasecurityDss Professional

5 matches found

CVE•added 2022/12/27 6:15 p.m.•85 views

CVE-2022-45423

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).

7.5CVSS7.5AI score0.00115EPSS

CVE•added 2022/12/27 6:15 p.m.•74 views

CVE-2022-45427

Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.

7.2CVSS7AI score0.00102EPSS

CVE•added 2022/12/27 6:15 p.m.•70 views

CVE-2022-45425

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.

7.5CVSS7.5AI score0.00177EPSS

CVE•added 2022/12/27 6:15 p.m.•59 views

CVE-2022-45429

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.

7.5CVSS7.5AI score0.00177EPSS

CVE•added 2022/12/27 6:15 p.m.•57 views

CVE-2022-45431

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.

7.5CVSS7.5AI score0.00034EPSS