CVE-2022-45427

moderate-risk

Published 2022-12-27

Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.

Do I need to act?

-

0.18% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (20)

Dss Express

Dss Express

Dss Express

Dss Express

Dss Express

Dss Professional

Dss Professional

Dss Professional

Dss Professional

Dss Professional

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss4004-S2 Firmware

Dhi-Dss4004-S2 Firmware

Affected Vendors

Dahuasecurity

References (2)

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

47

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 20/34 · Moderate