CVE-2022-45425

Опубликовано: 27 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.

Ссылки

https://www.dahuasecurity.com/support/cybersecurity/details/1137
Patch
Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/1137
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*

cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*

cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*

cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*

cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*

cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*

cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*

cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*

cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*

cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*

cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*

cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

Одно из

cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*

cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*

cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*

cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00276

Низкий

7.5 High

CVSS3

Дефекты

CWE-798

Связанные уязвимости

GHSA-7qrc-wm75-hvh3

CVSS3: 7.5

github

около 3 лет назад

Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.

EPSS

Процентиль: 51%

0.00276

Низкий

7.5 High

CVSS3

Дефекты

CWE-798