{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45431", "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "assignerShortName": "dahua", "dateUpdated": "2022-12-27T00:00:00", "dateReserved": "2022-11-14T00:00:00", "datePublished": "2022-12-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "shortName": "dahua", "dateUpdated": "2022-12-27T00:00:00"}, "descriptions": [{"lang": "en", "value": "Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server."}], "affected": [{"vendor": "n/a", "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2", "versions": [{"version": "V8.0.2, V8.0.4, V8.1", "status": "affected"}]}], "references": [{"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Improper Access Control"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*", "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*", "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*", "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server."}, {"lang": "es", "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de reinicio no autenticado del servidor DSS remoto. Despu\u00e9s de omitir la pol\u00edtica de control de acceso del firewall, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante podr\u00eda reiniciar sin autenticar el servidor DSS remoto."}], "id": "CVE-2022-45431", "lastModified": "2023-08-08T14:21:49.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-27T18:15:10.793", "references": [{"source": "cybersecurity@dahuatech.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}