本ページは dahuasecurity dss_express に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-45434 | Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host. | [email protected] | 5.9 | 0.66% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45433 | Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results. | [email protected] | 3.7 | 0.62% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45432 | Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server. | [email protected] | 5.3 | 0.70% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45431 | Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server. | [email protected] | 7.5 | 0.64% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45430 | Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service. | [email protected] | 3.7 | 0.41% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45429 | Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules. | [email protected] | 7.5 | 0.53% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45428 | Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information. | [email protected] | 2.7 | 0.68% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45427 | Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files. | [email protected] | 7.2 | 0.70% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45426 | Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files. | [email protected] | 6.5 | 0.58% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45425 | Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. | [email protected] | 7.5 | 0.53% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45424 | Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface. | [email protected] | 5.3 | 0.68% | 2022-12-27 | 2026-06-17 |
| CVE-2022-45423 | Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited). | [email protected] | 7.5 | 0.57% | 2022-12-27 | 2026-06-17 |