CVE-2022-45431

moderate-risk

Published 2022-12-27

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.

Do I need to act?

-

0.18% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016D-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss7016Dr-S2 Firmware

Dhi-Dss4004-S2 Firmware

Dhi-Dss4004-S2 Firmware

Dhi-Dss4004-S2 Firmware

Dhi-Dss4004-S2 Firmware

Dss Express

Dss Express

Dss Express

Dss Express

Dss Express

Dss Professional

Dss Professional

Dss Professional

Affected Vendors

Dahuasecurity

References (2)

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

Patch https://www.dahuasecurity.com/support/cybersecurity/details/1137

47

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 20/34 · Moderate