5.3

CVE-2022-45432

Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DahuasecurityDhi-dss7016d-s2 Firmware Version1.001.0000001.2
   DahuasecurityDhi-dss7016d-s2 Version-
DahuasecurityDhi-dss7016dr-s2 Firmware Version1.001.0000001.2
   DahuasecurityDhi-dss7016dr-s2 Version-
DahuasecurityDhi-dss4004-s2 Firmware Version1.001.0000001.2
   DahuasecurityDhi-dss4004-s2 Version-
DahuasecurityDss Express Version7.002.1760000.2
   MicrosoftWindows Version-
DahuasecurityDss Express Version8.0.2
   MicrosoftWindows Version-
DahuasecurityDss Express Version8.0.4
   MicrosoftWindows Version-
DahuasecurityDss Express Version8.1
   MicrosoftWindows Version-
DahuasecurityDss Express Version8.1.1
   MicrosoftWindows Version-
DahuasecurityDss Professional Version7.002.1760000.2
   MicrosoftWindows Version-
DahuasecurityDss Professional Version8.0.2
   MicrosoftWindows Version-
DahuasecurityDss Professional Version8.0.4
   MicrosoftWindows Version-
DahuasecurityDss Professional Version8.1
   MicrosoftWindows Version-
DahuasecurityDss Professional Version8.1.1
   MicrosoftWindows Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.285
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.