Vulnerability Description
Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Dhi-Dss7016D-S2 Firmware | 1.001.0000001.2 |
| Dahuasecurity | Dhi-Dss7016D-S2 | - |
| Dahuasecurity | Dhi-Dss7016Dr-S2 Firmware | 1.001.0000001.2 |
| Dahuasecurity | Dhi-Dss7016Dr-S2 | - |
| Dahuasecurity | Dhi-Dss4004-S2 Firmware | 1.001.0000001.2 |
| Dahuasecurity | Dhi-Dss4004-S2 | - |
| Dahuasecurity | Dss Express | 7.002.1760000.2 |
| Dahuasecurity | Dss Professional | 7.002.1760000.2 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.dahuasecurity.com/support/cybersecurity/details/1137PatchVendor Advisory
- https://www.dahuasecurity.com/support/cybersecurity/details/1137PatchVendor Advisory
FAQ
What is CVE-2022-45432?
CVE-2022-45432 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable inte...
How severe is CVE-2022-45432?
CVE-2022-45432 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45432?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Dhi-Dss7016D-S2 Firmware, Dahuasecurity Dhi-Dss7016D-S2, Dahuasecurity Dhi-Dss7016Dr-S2 Firmware, Dahuasecurity Dhi-Dss7016Dr-S2, Dahuasecurity Dhi-Dss4004-S2 Firmware.