CVE-2022-30564 — MEDIUM (5.3)

Q: How severe is CVE-2022-30564?

CVE-2022-30564 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-30564?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ipc-Hf71242F-Z-X Firmware, Dahuasecurity Ipc-Hf71242F-Z-X, Dahuasecurity Ipc-Hf7442F-Z-X Firmware, Dahuasecurity Ipc-Hf7442F-Z-X, Dahuasecurity Ipc-Hf7842F-Z-X Firmware.

Vulnerability Description

Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Dahuasecurity	Ipc-Hf71242F-Z-X Firmware	< 2.800.0000000.4.r.210708
Dahuasecurity	Ipc-Hf71242F-Z-X	-
Dahuasecurity	Ipc-Hf7442F-Z-X Firmware	< 2.800.0000000.4.r.210708
Dahuasecurity	Ipc-Hf7442F-Z-X	-
Dahuasecurity	Ipc-Hf7842F-Z-X Firmware	< 2.800.0000000.4.r.210708
Dahuasecurity	Ipc-Hf7842F-Z-X	-
Dahuasecurity	Ipc-Hf5241F-Ze Firmware	< 2.840.0000000.18.r.220629
Dahuasecurity	Ipc-Hf5241F-Ze	-
Dahuasecurity	Ipc-Hf5442F-Ze Firmware	< 2.840.0000000.18.r.220629
Dahuasecurity	Ipc-Hf5442F-Ze	-
Dahuasecurity	Ipc-Hf5541F-Ze Firmware	< 2.840.0000000.18.r.220629
Dahuasecurity	Ipc-Hf5541F-Ze	-
Dahuasecurity	Ipc-Hf5842F-Ze Firmware	< 2.840.0000000.18.r.220629
Dahuasecurity	Ipc-Hf5842F-Ze	-
Dahuasecurity	Sd5A225Gb-Hnr Firmware	< 2.812.0000032.2.r.220804
Dahuasecurity	Sd5A225Gb-Hnr	-
Dahuasecurity	Sd5A225Gb-Hnr-Sl Firmware	< 2.812.0000032.2.r.220804
Dahuasecurity	Sd5A225Gb-Hnr-Sl	-
Dahuasecurity	Sd5A225Xa-Hnr Firmware	< 2.812.0000032.2.r.220804
Dahuasecurity	Sd5A225Xa-Hnr	-

Related Weaknesses (CWE)

CWE-284

References

https://www.dahuasecurity.com/support/cybersecurity/details/1147Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/1147Vendor Advisory

FAQ

What is CVE-2022-30564?

CVE-2022-30564 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the de...

How severe is CVE-2022-30564?

CVE-2022-30564 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-30564?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ipc-Hf71242F-Z-X Firmware, Dahuasecurity Ipc-Hf71242F-Z-X, Dahuasecurity Ipc-Hf7442F-Z-X Firmware, Dahuasecurity Ipc-Hf7442F-Z-X, Dahuasecurity Ipc-Hf7842F-Z-X Firmware.