CVE-2022-45426

moderate-risk

Published 2022-12-27

Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.

Do I need to act?

-

0.10% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Dss Express

Dss Express

Dss Express

Dss Express

Dss Express

Dss Professional

Dss Professional

Dss Professional

Dss Professional

Dss Professional

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss4004-S2 Firmware

Dhi-Dss4004-S2 Firmware

Affected Vendors

Dahuasecurity

References (2)

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

44

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 20/34 · Moderate