First published: Tue Dec 27 2022(Updated: )
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.
Credit: cybersecurity@dahuatech.com cybersecurity@dahuatech.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dahuasecurity Dss Express | =7.002.1760000.2 | |
Dahuasecurity Dss Express | =8.0.2 | |
Dahuasecurity Dss Express | =8.0.4 | |
Dahuasecurity Dss Express | =8.1 | |
Dahuasecurity Dss Express | =8.1.1 | |
Dahuasecurity Dss Professional | =7.002.1760000.2 | |
Dahuasecurity Dss Professional | =8.0.2 | |
Dahuasecurity Dss Professional | =8.0.4 | |
Dahuasecurity Dss Professional | =8.1 | |
Dahuasecurity Dss Professional | =8.1.1 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016d-s2 | ||
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016dr-s2 | ||
Dahuasecurity Dhi-dss4004-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss4004-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss7016d-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016d-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016dr-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss4004-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss4004-s2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this Dahua software vulnerability is CVE-2022-45429.
The severity of CVE-2022-45429 is high, with a severity value of 7.5.
Dahuasecurity Dss Express versions 7.002.1760000.2, 8.0.2, 8.0.4, 8.1, and 8.1.1, as well as Dahuasecurity Dss Professional versions 7.002.1760000.2, 8.0.2, 8.0.4, and 8.1.1 are affected by CVE-2022-45429.
The vulnerability type of CVE-2022-45429 is server-side request forgery (SSRF).
An attacker can exploit CVE-2022-45429 by accessing internal resources through concatenating specific URL links.