Lucene search

K
nvd[email protected]NVD:CVE-2022-45432
HistoryDec 27, 2022 - 6:15 p.m.

CVE-2022-45432

2022-12-2718:15:10
web.nvd.nist.gov
3
cve-2022-45432
dahua software
unauthenticated search
firewall bypass
crafted packet
remote dss server

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

31.7%

Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.

Affected configurations

Nvd
Node
dahuasecuritydhi-dss7016d-s2_firmwareMatch1.001.0000001.2
OR
dahuasecuritydhi-dss7016d-s2_firmwareMatch8.0.2
OR
dahuasecuritydhi-dss7016d-s2_firmwareMatch8.0.4
OR
dahuasecuritydhi-dss7016d-s2_firmwareMatch8.1
AND
dahuasecuritydhi-dss7016d-s2Match-
Node
dahuasecuritydhi-dss7016dr-s2_firmwareMatch1.001.0000001.2
OR
dahuasecuritydhi-dss7016dr-s2_firmwareMatch8.0.2
OR
dahuasecuritydhi-dss7016dr-s2_firmwareMatch8.0.4
OR
dahuasecuritydhi-dss7016dr-s2_firmwareMatch8.1
AND
dahuasecuritydhi-dss7016dr-s2Match-
Node
dahuasecuritydhi-dss4004-s2_firmwareMatch1.001.0000001.2
OR
dahuasecuritydhi-dss4004-s2_firmwareMatch8.0.2
OR
dahuasecuritydhi-dss4004-s2_firmwareMatch8.0.4
OR
dahuasecuritydhi-dss4004-s2_firmwareMatch8.1
AND
dahuasecuritydhi-dss4004-s2Match-
Node
dahuasecuritydss_expressMatch7.002.1760000.2
OR
dahuasecuritydss_expressMatch8.0.2
OR
dahuasecuritydss_expressMatch8.0.4
OR
dahuasecuritydss_expressMatch8.1
OR
dahuasecuritydss_expressMatch8.1.1
OR
dahuasecuritydss_professionalMatch7.002.1760000.2
OR
dahuasecuritydss_professionalMatch8.0.2
OR
dahuasecuritydss_professionalMatch8.0.4
OR
dahuasecuritydss_professionalMatch8.1
OR
dahuasecuritydss_professionalMatch8.1.1
AND
microsoftwindowsMatch-
VendorProductVersionCPE
dahuasecuritydhi-dss7016d-s2_firmware1.001.0000001.2cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*
dahuasecuritydhi-dss7016d-s2_firmware8.0.2cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*
dahuasecuritydhi-dss7016d-s2_firmware8.0.4cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*
dahuasecuritydhi-dss7016d-s2_firmware8.1cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*
dahuasecuritydhi-dss7016d-s2-cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*
dahuasecuritydhi-dss7016dr-s2_firmware1.001.0000001.2cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*
dahuasecuritydhi-dss7016dr-s2_firmware8.0.2cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*
dahuasecuritydhi-dss7016dr-s2_firmware8.0.4cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*
dahuasecuritydhi-dss7016dr-s2_firmware8.1cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*
dahuasecuritydhi-dss7016dr-s2-cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 261

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

31.7%

Related for NVD:CVE-2022-45432