CVE-2022-45425

moderate-risk

Published 2022-12-27

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.

Do I need to act?

-

0.28% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Dss Express

Dss Express

Dss Express

Dss Express

Dss Express

Dss Professional

Dss Professional

Dss Professional

Dss Professional

Dss Professional

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss4004-S2 Firmware

Dhi-Dss4004-S2 Firmware

Affected Vendors

Dahuasecurity

References (2)

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

47

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 20/34 · Moderate