First published: Tue Dec 27 2022
Some Dahua software products are vulnerable to unauthenticated requests for MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specially crafted packet to the vulnerable interface (the credentials cannot be directly exploited).
Credit: cybersecurity@dahuatech.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dahuasecurity Dss Express | =7.002.1760000.2 | |
Dahuasecurity Dss Express | =8.0.2 | |
Dahuasecurity Dss Express | =8.0.4 | |
Dahuasecurity Dss Express | =8.1 | |
Dahuasecurity Dss Express | =8.1.1 | |
Dahuasecurity Dss Professional | =7.002.1760000.2 | |
Dahuasecurity Dss Professional | =8.0.2 | |
Dahuasecurity Dss Professional | =8.0.4 | |
Dahuasecurity Dss Professional | =8.1 | |
Dahuasecurity Dss Professional | =8.1.1 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016d-s2 | | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016dr-s2 | | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss4004-s2 | | |
The vulnerability ID for this Dahua software vulnerability is CVE-2022-45423.
CVE-2022-45423 has a severity rating of 7.5 (High).
The following Dahua software products are affected by this vulnerability: Dahuasecurity Dss Express (versions 7.002.1760000.2, 8.0.2, 8.0.4, 8.1, 8.1.1), Dahuasecurity Dss Professional (versions 7.002.1760000.2, 8.0.2, 8.0.4, 8.1, 8.1.1), Dahuasecurity Dhi-dss7016d-s2 Firmware (versions 1.001.0000001.2, 8.0.2, 8.0.4, 8.1), Dahuasecurity Dhi-dss7016dr-s2 Firmware (versions 1.001.0000001.2, 8.0.2, 8.0.4, 8.1), Dahuasecurity Dhi-dss4004-s2 Firmware (versions 1.001.0000001.2, 8.0.2, 8.0.4, 8.1).
An attacker can obtain encrypted MQTT credentials by sending a specially crafted packet to the vulnerable interface, although the credentials cannot be directly exploited.
You can find more information about CVE-2022-45423 at the following reference link: [Dahua Security Cybersecurity Advisory](https://www.dahuasecurity.com/support/cybersecurity/details/1137).