First published: Tue Dec 27 2022(Updated: )
Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.
Credit: cybersecurity@dahuatech.com cybersecurity@dahuatech.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dahuasecurity Dhi-dss7016d-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016d-s2 | ||
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016dr-s2 | ||
Dahuasecurity Dhi-dss4004-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss4004-s2 | ||
Dahuasecurity Dss Express | =7.002.1760000.2 | |
Dahuasecurity Dss Express | =8.0.2 | |
Dahuasecurity Dss Express | =8.0.4 | |
Dahuasecurity Dss Express | =8.1 | |
Dahuasecurity Dss Express | =8.1.1 | |
Dahuasecurity Dss Professional | =7.002.1760000.2 | |
Dahuasecurity Dss Professional | =8.0.2 | |
Dahuasecurity Dss Professional | =8.0.4 | |
Dahuasecurity Dss Professional | =8.1 | |
Dahuasecurity Dss Professional | =8.1.1 | |
Microsoft Windows | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss7016d-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016d-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016d-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss7016dr-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss7016dr-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dhi-dss4004-s2 Firmware | =1.001.0000001.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.2 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.0.4 | |
Dahuasecurity Dhi-dss4004-s2 Firmware | =8.1 | |
Dahuasecurity Dhi-dss4004-s2 | ||
All of | ||
Any of | ||
Dahuasecurity Dss Express | =7.002.1760000.2 | |
Dahuasecurity Dss Express | =8.0.2 | |
Dahuasecurity Dss Express | =8.0.4 | |
Dahuasecurity Dss Express | =8.1 | |
Dahuasecurity Dss Express | =8.1.1 | |
Dahuasecurity Dss Professional | =7.002.1760000.2 | |
Dahuasecurity Dss Professional | =8.0.2 | |
Dahuasecurity Dss Professional | =8.0.4 | |
Dahuasecurity Dss Professional | =8.1 | |
Dahuasecurity Dss Professional | =8.1.1 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-45432 is a vulnerability in some Dahua software products that allows unauthenticated search for devices.
CVE-2022-45432 allows an attacker to bypass the firewall access control policy and send a specific crafted packet to search for devices within a range of IPs.
Some versions of Dahua DSS Server, Dhi-dss7016d-s2 Firmware, Dhi-dss7016dr-s2 Firmware, Dhi-dss4004-s2 Firmware, Dss Express, and Dss Professional are affected by CVE-2022-45432.
CVE-2022-45432 has a severity rating of 5.3 (Medium).
You can find more information about CVE-2022-45432 on the official Dahua Security website.