Vulnerability Description
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Dhi-Dss7016D-S2 Firmware | 1.001.0000001.2 |
| Dahuasecurity | Dhi-Dss7016D-S2 | - |
| Dahuasecurity | Dhi-Dss7016Dr-S2 Firmware | 1.001.0000001.2 |
| Dahuasecurity | Dhi-Dss7016Dr-S2 | - |
| Dahuasecurity | Dhi-Dss4004-S2 Firmware | 1.001.0000001.2 |
| Dahuasecurity | Dhi-Dss4004-S2 | - |
| Dahuasecurity | Dss Express | 7.002.1760000.2 |
| Dahuasecurity | Dss Professional | 7.002.1760000.2 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.dahuasecurity.com/support/cybersecurity/details/1137PatchVendor Advisory
- https://www.dahuasecurity.com/support/cybersecurity/details/1137PatchVendor Advisory
FAQ
What is CVE-2022-45434?
CVE-2022-45434 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted ...
How severe is CVE-2022-45434?
CVE-2022-45434 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45434?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Dhi-Dss7016D-S2 Firmware, Dahuasecurity Dhi-Dss7016D-S2, Dahuasecurity Dhi-Dss7016Dr-S2 Firmware, Dahuasecurity Dhi-Dss7016Dr-S2, Dahuasecurity Dhi-Dss4004-S2 Firmware.