This page lists publicly disclosed CVE vulnerabilities affecting dahuasecurity dss_express (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-45434 | Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host. | [email protected] | 5.9 | 0.21% | 2022-12-27 | 2025-04-14 |
| CVE-2022-45433 | Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results. | [email protected] | 3.7 | 0.10% | 2022-12-27 | 2025-04-14 |
| CVE-2022-45432 | Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server. | [email protected] | 5.3 | 0.05% | 2022-12-27 | 2025-04-14 |
| CVE-2022-45431 | Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server. | [email protected] | 7.5 | 0.18% | 2022-12-27 | 2025-04-11 |
| CVE-2022-45430 | Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service. | [email protected] | 3.7 | 0.10% | 2022-12-27 | 2025-04-11 |
| CVE-2022-45429 | Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules. | [email protected] | 7.5 | 0.34% | 2022-12-27 | 2025-04-12 |
| CVE-2022-45428 | Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information. | [email protected] | 2.7 | 0.05% | 2022-12-27 | 2025-04-14 |
| CVE-2022-45427 | Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files. | [email protected] | 7.2 | 0.23% | 2022-12-27 | 2025-04-14 |
| CVE-2022-45426 | Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files. | [email protected] | 6.5 | 0.10% | 2022-12-27 | 2025-04-14 |
| CVE-2022-45425 | Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. | [email protected] | 7.5 | 0.34% | 2022-12-27 | 2025-04-14 |
| CVE-2022-45424 | Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface. | [email protected] | 5.3 | 0.10% | 2022-12-27 | 2025-04-14 |
| CVE-2022-45423 | Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited). | [email protected] | 7.5 | 0.13% | 2022-12-27 | 2025-04-14 |