Dss Express

dss_express

Vendor: Dahuasecurity • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-45434 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulner...Show more Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.Show less
CVE-2022-45433 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 3.7 LOW· v3 N/A· v2 Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable inte...Show more Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.Show less
CVE-2022-45432 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker c...Show more Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.Show less
CVE-2022-45431 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 11, 2025 Dec 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an...Show more Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.Show less
CVE-2022-45430 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 11, 2025 Dec 27, 2022 N/A· v4 3.7 LOW· v3 N/A· v2 Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, a...Show more Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service.Show less
CVE-2022-45429 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 12, 2025 Dec 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.
CVE-2022-45428 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 2.7 LOW· v3 N/A· v2 Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obt...Show more Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.Show less
CVE-2022-45427 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can uploa...Show more Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.Show less
CVE-2022-45426 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can dow...Show more Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.Show less
CVE-2022-45425 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.
CVE-2022-45424 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface.
CVE-2022-45423 1Dahuasecurity 5Dhi Dss4004 S2 Firmware Dhi Dss7016d S2 FirmwareDhi Dss7016dr S2 Firmware+2 more Apr 14, 2025 Dec 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the cr...Show more Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).Show less