CVE-2022-45429

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.

Weakness

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Affected Software

Name	Vendor	Start Version	End Version
Dss_express	Dahuasecurity	7.002.1760000.2 (including)	7.002.1760000.2 (including)
Dss_express	Dahuasecurity	8.0.2 (including)	8.0.2 (including)
Dss_express	Dahuasecurity	8.0.4 (including)	8.0.4 (including)
Dss_express	Dahuasecurity	8.1 (including)	8.1 (including)
Dss_express	Dahuasecurity	8.1.1 (including)	8.1.1 (including)
Dss_professional	Dahuasecurity	7.002.1760000.2 (including)	7.002.1760000.2 (including)
Dss_professional	Dahuasecurity	8.0.2 (including)	8.0.2 (including)
Dss_professional	Dahuasecurity	8.0.4 (including)	8.0.4 (including)
Dss_professional	Dahuasecurity	8.1 (including)	8.1 (including)
Dss_professional	Dahuasecurity	8.1.1 (including)	8.1.1 (including)

https://cwe.mitre.org/data/definitions/664.html

References

https://www.dahuasecurity.com/support/cybersecurity/details/1137

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-45429
CWE	https://cwe.mitre.org/data/definitions/918.html

Server-Side Request Forgery (SSRF)

Weakness

Affected Software

Related Attack Patterns

References