CVE-2022-45432 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-45432

CWE

https://cwe.mitre.org/data/definitions/.html

Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.

Affected Software

Name	Vendor	Start Version	End Version
Dhi-dss7016d-s2_firmware	Dahuasecurity	1.001.0000001.2 (including)	1.001.0000001.2 (including)
Dhi-dss7016d-s2_firmware	Dahuasecurity	8.0.2 (including)	8.0.2 (including)
Dhi-dss7016d-s2_firmware	Dahuasecurity	8.0.4 (including)	8.0.4 (including)
Dhi-dss7016d-s2_firmware	Dahuasecurity	8.1 (including)	8.1 (including)

References

https://www.dahuasecurity.com/support/cybersecurity/details/1137