CVE-2022-45423

moderate-risk

Published 2022-12-27

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).

Do I need to act?

-

0.13% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Dss Express

Dss Express

Dss Express

Dss Express

Dss Express

Dss Professional

Dss Professional

Dss Professional

Dss Professional

Dss Professional

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss4004-S2 Firmware

Dhi-Dss4004-S2 Firmware

Affected Vendors

Dahuasecurity

References (2)

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

47

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 20/34 · Moderate