First published: Tue Dec 27 2022(Updated: )
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service.
Credit: cybersecurity@dahuatech.com cybersecurity@dahuatech.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dahuasecurity Dss Express | =7.002.1760000.2 | |
Dahuasecurity Dss Express | =8.0.2 | |
Dahuasecurity Dss Express | =8.0.4 | |
Dahuasecurity Dss Express | =8.1 | |
Dahuasecurity Dss Express | =8.1.1 | |
Dahuasecurity Dss Professional | =7.002.1760000.2 | |
Dahuasecurity Dss Professional | =8.0.2 | |
Dahuasecurity Dss Professional | =8.0.4 | |
Dahuasecurity Dss Professional | =8.1 | |
Dahuasecurity Dss Professional | =8.1.1 | |
Linux Linux kernel | ||
Dahuasecurity Dhi-dss7016d-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016d-s2 | ||
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016dr-s2 | ||
Dahuasecurity Dhi-dss4004-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss4004-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dss Express | =7.002.1760000.2 | |
Dahuasecurity Dss Express | =8.0.2 | |
Dahuasecurity Dss Express | =8.0.4 | |
Dahuasecurity Dss Express | =8.1 | |
Dahuasecurity Dss Express | =8.1.1 | |
Dahuasecurity Dss Professional | =7.002.1760000.2 | |
Dahuasecurity Dss Professional | =8.0.2 | |
Dahuasecurity Dss Professional | =8.0.4 | |
Dahuasecurity Dss Professional | =8.1 | |
Dahuasecurity Dss Professional | =8.1.1 | |
Linux Linux kernel | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss7016d-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016d-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016dr-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss4004-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss4004-s2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-45430 is a vulnerability in some Dahua software products that allows an attacker to enable or disable the SSHD service without authentication.
The Dahua DSS Express versions 7.002.1760000.2, 8.0.2, 8.0.4, 8.1, and 8.1.1, as well as the Dahua DSS Professional versions 7.002.1760000.2, 8.0.2, 8.0.4, 8.1, and 8.1.1 are affected by CVE-2022-45430.
CVE-2022-45430 has a severity rating of low with a CVSS score of 3.7.
An attacker can exploit CVE-2022-45430 by bypassing the firewall access control policy and sending a specific crafted packet to the vulnerable interface.
You can find more information on CVE-2022-45430 on the Dahua Security support website at https://www.dahuasecurity.com/support/cybersecurity/details/1137.