CVSS: 3.7EPSS: 0%CPEs: 26EXPL: 0CVE-2022-45430
https://notcve.org/view.php?id=CVE-2022-45430
27 Dec 2022 — Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service. Algunos productos de software de Dahua tienen la vulnerabilidad de habilitar o deshabilitar el servicio SSHD sin autenticación. Después de omitir la política de control de acceso del firewall, al enviar un paquete manipulado específicament... • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2022-45423
https://notcve.org/view.php?id=CVE-2022-45423
27 Dec 2022 — Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited). Algunos productos de software de Dahua tienen una vulnerabilidad de solicitud no autenticada de credenciales MQTT. Un atacante puede obtener credenciales MQTT cifradas enviando un paquete manipulado específicamente a la interfaz vulnerable (las creden... • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2022-45431
https://notcve.org/view.php?id=CVE-2022-45431
27 Dec 2022 — Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server. Algunos productos de software de Dahua tienen una vulnerabilidad de reinicio no autenticado del servidor DSS remoto. Después de omitir la política de control de acceso del firewall, al enviar un paquete manipulado específicamente a... • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2022-45429
https://notcve.org/view.php?id=CVE-2022-45429
27 Dec 2022 — Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules. Algunos productos de software de Dahua tienen una vulnerabilidad de server-side request forgery (SSRF). Un atacante puede acceder a recursos internos concatenando enlaces (URL) que se ajusten a reglas específicas. • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 3.7EPSS: 0%CPEs: 26EXPL: 0CVE-2022-45433
https://notcve.org/view.php?id=CVE-2022-45433
27 Dec 2022 — Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results. Algunos productos de software de Dahua tienen una vulnerabilidad de host de traceroute no autenticado desde un servidor DSS remoto. Después de omitir la política de control de acceso del firewall, al enviar un paquete manipulado específica... • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 26EXPL: 0CVE-2022-45432
https://notcve.org/view.php?id=CVE-2022-45432
27 Dec 2022 — Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server. Algunos productos de software de Dahua tienen la vulnerabilidad de búsqueda de dispositivos no autenticados. Después de omitir la política de control de acceso del firewall, al enviar un paquete manipulado especí... • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.9EPSS: 0%CPEs: 26EXPL: 0CVE-2022-45434
https://notcve.org/view.php?id=CVE-2022-45434
27 Dec 2022 — Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host. Algunos productos de software de Dahua tienen una vulnerabilidad de solicitudes ICMP no autenticadas y no limitadas en un servidor DSS remoto. Después de omitir la polític... • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 0CVE-2022-45424
https://notcve.org/view.php?id=CVE-2022-45424
27 Dec 2022 — Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface. Algunos productos de software de Dahua tienen una vulnerabilidad de solicitud no autenticada de clave criptográfica AES. Un atacante puede obtener la clave criptográfica AES enviando un paquete diseñado específicamente a la interfaz vulnerable. • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2022-45425
https://notcve.org/view.php?id=CVE-2022-45425
27 Dec 2022 — Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. Algunos productos de software de Dahua tienen la vulnerabilidad de utilizar claves criptográficas codificadas. Un atacante puede obtener la clave criptográfica AES explotando esta vulnerabilidad. • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-798: Use of Hard-coded Credentials •
CVSS: 6.8EPSS: 0%CPEs: 25EXPL: 0CVE-2022-45426
https://notcve.org/view.php?id=CVE-2022-45426
27 Dec 2022 — Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files. Algunos productos de software de Dahua tienen una vulnerabilidad de descarga de archivos sin restricciones. Después de obtener los permisos de los usuarios normales, al enviar un paquete manipulado específicamente a la interfaz vulnerable, un atacante puede descargar a... • https://www.dahuasecurity.com/support/cybersecurity/details/1137 • CWE-552: Files or Directories Accessible to External Parties •