CVE-2022-30564

high-risk

Published 2023-02-09

Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Ipc-Hf71242F-Z-X Firmware

Ipc-Hf7442F-Z-X Firmware

Ipc-Hf7842F-Z-X Firmware

Ipc-Hf5241F-Ze Firmware

Ipc-Hf5442F-Ze Firmware

Ipc-Hf5541F-Ze Firmware

Ipc-Hf5842F-Ze Firmware

Sd5A225Gb-Hnr Firmware

Sd5A225Gb-Hnr-Sl Firmware

Sd5A225Xa-Hnr Firmware

Sd5A225Xa-Hnr-Sl Firmware

Sd5A232Gb-Hnr Firmware

Sd5A232Xb-Hnr Firmware

Sd5A232Xb-Hnr-Ac Firmware

Sd5A232Xb-Hnr-P Firmware

Sd5A245Gb-Hnr Firmware

Sd5A245Xa-Hnr Firmware

Sd5A425Ga-Hnr Firmware

Sd5A425Xa-Hnr Firmware

Sd5A432Gb-Hnr Firmware

Affected Vendors

Dahuasecurity

References (2)

Vendor Advisory https://www.dahuasecurity.com/support/cybersecurity/details/1147

/ 100

high-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 30/34 · Critical