CVE-2022-30563
moderate-risk
Published 2022-06-28
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
Do I need to act?
-
0.49% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.4/10
High
NETWORK
/ HIGH complexity
Affected Products (20)
Ipc-Hdbw2431E-S-S2 Firmware
Ipc-Hdbw2831E-S-S2 Firmware
Ipc-Hdbw2230E-S-S2 Firmware
Ipc-Hdbw2831R-Zs-S2 Firmware
Ipc-Hdbw2831R-Zas-S2 Firmware
Ipc-Hdbw2531R-Zs-S2 Firmware
Ipc-Hdbw2531R-Zas-S2 Firmware
Ipc-Hdbw2531E-S-S2 Firmware
Ipc-Hdbw2431R-Zs-S2 Firmware
Ipc-Hdbw2431R-Zas-S2 Firmware
Ipc-Hdbw2231F-As-S2 Firmware
Ipc-Hdbw2231E-S-S2 Firmware
Ipc-Hdbw2231R-Zs-S2 Firmware
Ipc-Hdbw2231R-Zas-S2 Firmware
Ipc-Hfw2231M-As-I2-B-S2 Firmware
Ipc-Hfw2231T-As-S2 Firmware
Ipc-Hfw2231S-S-S2 Firmware
Ipc-Hfw2231T-Zs-S2 Firmware
Ipc-Hfw2231T-Zas-S2 Firmware
Ipc-Hfw2230S-S-S2 Firmware
Affected Vendors
References (2)
Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/1017
Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/1017
48
/ 100
moderate-risk
Severity
22/34 · High
Exploitability
2/34 · Minimal
Exposure
24/34 · High