Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-45423

Опубликовано: 27 дек. 2022
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*
cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*
cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*
cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*
cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%
0.00133
Низкий

7.5 High

CVSS3

Дефекты

CWE-306
CWE-306

Связанные уязвимости

github логотип

GHSA-gqwx-q2cx-gx28

CVSS3: 7.5
github
около 3 лет назад

Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).

EPSS

Процентиль: 33%
0.00133
Низкий

7.5 High

CVSS3

Дефекты

CWE-306
CWE-306