{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45426", "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "assignerShortName": "dahua", "dateUpdated": "2025-04-14T13:19:12.304Z", "dateReserved": "2022-11-14T00:00:00.000Z", "datePublished": "2022-12-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "shortName": "dahua", "dateUpdated": "2022-12-27T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files."}], "affected": [{"vendor": "n/a", "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2", "versions": [{"version": "V8.0.2, V8.0.4, V8.1", "status": "affected"}]}], "references": [{"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "External Control of File Name or Path"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:57.063Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-552", "lang": "en", "description": "CWE-552 Files or Directories Accessible to External Parties"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-14T13:18:30.409134Z", "id": "CVE-2022-45426", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T13:19:12.304Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:57.063Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-45426", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-14T13:18:30.409134Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible to External Parties"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-14T13:19:04.987Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2", "versions": [{"status": "affected", "version": "V8.0.2, V8.0.4, V8.1"}]}], "references": [{"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"}], "descriptions": [{"lang": "en", "value": "Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "shortName": "dahua", "dateUpdated": "2022-12-27T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-45426", "state": "PUBLISHED", "dateUpdated": "2025-04-14T13:19:12.304Z", "dateReserved": "2022-11-14T00:00:00.000Z", "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "datePublished": "2022-12-27T00:00:00.000Z", "assignerShortName": "dahua"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*", "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*", "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*", "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files."}, {"lang": "es", "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de descarga de archivos sin restricciones. Despu\u00e9s de obtener los permisos de los usuarios normales, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante puede descargar archivos arbitrarios."}], "id": "CVE-2022-45426", "lastModified": "2025-04-14T14:15:20.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-27T18:15:10.553", "references": [{"source": "cybersecurity@dahuatech.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-552"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}