CVE-2022-45423

CVSS V2 None CVSS V3 None

Description

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).

Overview

CVE ID
CVE-2022-45423

Assigner
cybersecurity@dahuatech.com

Vulnerability Status
Analyzed

Published Version
2022-12-27T18:15:10

Last Modified Date
2023-01-05T04:45:38

Weakness Enumerations

CWE	URL
CWE-522	http://cwe.mitre.org/data/definitions/522.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
		AND
cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:::::::*	1	OR
cpe:2.3:a:dahuasecurity:dss_express:8.0.2:::::::*	1	OR
cpe:2.3:a:dahuasecurity:dss_express:8.0.4:::::::*	1	OR
cpe:2.3:a:dahuasecurity:dss_express:8.1:::::::*	1	OR
cpe:2.3:a:dahuasecurity:dss_express:8.1.1:::::::*	1	OR
cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:::::::*	1	OR
cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:::::::*	1	OR
cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:::::::*	1	OR
cpe:2.3:a:dahuasecurity:dss_professional:8.1:::::::*	1	OR
cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:::::::*	1	OR
		AND
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:::::::*	1	OR
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:::::::*	1	OR
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:::::::*	1	OR
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:::::::*	1	OR
cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:::::::*	0	OR
		AND
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:::::::*	1	OR
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:::::::*	1	OR
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:::::::*	1	OR
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:::::::*	1	OR
cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:::::::*	0	OR
		AND
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:::::::*	1	OR
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:::::::*	1	OR
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:::::::*	1	OR
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:::::::*	1	OR
cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://www.dahuasecurity.com/support/cybersecurity/details/1137

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-45423
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45423

History

Created	Old Value	New Value	Data Type	Notes
2022-12-27 18:18:25				Added to TrackCVE
2022-12-27 20:15:01		2022-12-27T19:59:31	CVE Modified Date	updated
2022-12-27 20:15:01	Received	Awaiting Analysis	Vulnerability Status	updated
2023-01-04 13:15:43	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-01-05 05:15:20		2023-01-05T04:45:38	CVE Modified Date	updated
2023-01-05 05:15:20	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-01-05 05:15:21			Weakness Enumeration	new
2023-01-05 05:15:23			CPE Information	updated