First published: Tue Dec 27 2022(Updated: )
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.
Credit: cybersecurity@dahuatech.com cybersecurity@dahuatech.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dahuasecurity Dss Express | =7.002.1760000.2 | |
Dahuasecurity Dss Express | =8.0.2 | |
Dahuasecurity Dss Express | =8.0.4 | |
Dahuasecurity Dss Express | =8.1 | |
Dahuasecurity Dss Express | =8.1.1 | |
Dahuasecurity Dss Professional | =7.002.1760000.2 | |
Dahuasecurity Dss Professional | =8.0.2 | |
Dahuasecurity Dss Professional | =8.0.4 | |
Dahuasecurity Dss Professional | =8.1 | |
Dahuasecurity Dss Professional | =8.1.1 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016d-s2 | ||
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016dr-s2 | ||
Dahuasecurity Dhi-dss4004-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss4004-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss7016d-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016d-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016dr-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss4004-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss4004-s2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-45425 is a vulnerability found in some Dahua software products where a hard-coded cryptographic key is used, allowing an attacker to obtain the AES crypto key.
Some of the affected Dahua software products include Dahuasecurity Dss Express (version 7.002.1760000.2, 8.0.2, 8.0.4, 8.1, 8.1.1) and Dahuasecurity Dss Professional (version 7.002.1760000.2, 8.0.2, 8.0.4, 8.1, 8.1.1).
CVE-2022-45425 has a severity level of 7.5 (high).
An attacker can exploit CVE-2022-45425 by exploiting the vulnerability in the Dahua software products to obtain the AES crypto key.
Information on fixes for CVE-2022-45425 can be found on the Dahua Security website using the provided reference link.