CVE-2022-45429

Published: Dec 27, 2022Modified: Apr 12, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.

Affected (22)

Products: Dahuasecurity: Dss Express, Dss Professional, Dhi Dss7016d S2 Firmware, Dhi Dss7016dr S2 Firmware, Dhi Dss4004 S2 Firmware

Dahuasecurity

5 products

Dss Express

Dss Professional

Dhi Dss7016d S2 Firmware

Dhi Dss7016dr S2 Firmware

Dhi Dss4004 S2 Firmware

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Dahuasecurity Dss Express	Version 7.002.1760000.2
Dahuasecurity Dss Express	Version 8.0.2
Dahuasecurity Dss Express	Version 8.0.4
Dahuasecurity Dss Express	Version 8.1.1
Dahuasecurity Dss Express	Version 8.1
Dahuasecurity Dss Professional	Version 7.002.1760000.2
Dahuasecurity Dss Professional	Version 8.0.2
Dahuasecurity Dss Professional	Version 8.0.4
Dahuasecurity Dss Professional	Version 8.1.1
Dahuasecurity Dss Professional	Version 8.1

Configuration B

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Dhi Dss7016d S2 Firmware	Version 1.001.0000001.2
Dahuasecurity Dhi Dss7016d S2 Firmware	Version 8.0.2
Dahuasecurity Dhi Dss7016d S2 Firmware	Version 8.0.4
Dahuasecurity Dhi Dss7016d S2 Firmware	Version 8.1

Running on/with	Platform Versions
Dahuasecurity Dhi Dss7016d S2	All versions

Configuration C

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Dhi Dss7016dr S2 Firmware	Version 1.001.0000001.2
Dahuasecurity Dhi Dss7016dr S2 Firmware	Version 8.0.2
Dahuasecurity Dhi Dss7016dr S2 Firmware	Version 8.0.4
Dahuasecurity Dhi Dss7016dr S2 Firmware	Version 8.1

Running on/with	Platform Versions
Dahuasecurity Dhi Dss7016dr S2	All versions

Configuration D

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Dhi Dss4004 S2 Firmware	Version 1.001.0000001.2
Dahuasecurity Dhi Dss4004 S2 Firmware	Version 8.0.2
Dahuasecurity Dhi Dss4004 S2 Firmware	Version 8.0.4
Dahuasecurity Dhi Dss4004 S2 Firmware	Version 8.1

Running on/with	Platform Versions
Dahuasecurity Dhi Dss4004 S2	All versions

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://www.dahuasecurity.com/support/cybersecurity/details/1137

Source: cybersecurity@dahuatech.com

PatchVendor Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/1137

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.