{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45427", "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "assignerShortName": "dahua", "dateUpdated": "2024-08-03T14:09:56.974Z", "dateReserved": "2022-11-14T00:00:00", "datePublished": "2022-12-27T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad", "shortName": "dahua", "dateUpdated": "2022-12-27T00:00:00"}, "descriptions": [{"lang": "en", "value": "Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files."}], "affected": [{"vendor": "n/a", "product": "DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2", "versions": [{"version": "V8.0.2, V8.0.4, V8.1", "status": "affected"}]}], "references": [{"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Unrestricted Upload of File with Dangerous Type"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:09:56.974Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*", "matchCriteriaId": "3884EEA1-1A5A-465D-911A-C1468C48095C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "546B8C47-C545-4BF6-B62E-F6D7A4EC0B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FFFFF73-D666-4EFD-BC9C-F35AB0884E63", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F79147B7-FBD0-4A5A-81A4-B902366336C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B4A7BE6D-04EB-40CC-A59E-78922BA310EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA1F0C70-4274-4910-A645-EC52D1CB3847", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7812C76-E325-4DDB-BF1F-AA0C37B073F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F6C276F4-260B-4C98-92B7-AD5FD5B6A35C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "50990609-E282-4FF0-B7B3-6FF641E1F836", "vulnerable": true}, {"criteria": "cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6CE289B1-0442-4F55-9C8B-3B8D1B3F24E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*", "matchCriteriaId": "D729295F-15E2-4B8D-A85C-53CAB6544144", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "266BDE37-4A75-4B7F-9627-DDE6C78FB593", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7CA557CC-3A2B-40E0-833E-2009B6180DEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "E6E8AE26-5271-4BA3-8539-9B7856F5DF84", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCBDDB17-CEDD-45DA-87E0-7F15753AE9BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*", "matchCriteriaId": "F0F2A1C3-2057-4182-B425-94C3EC1862BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D6042411-429A-48BC-9D21-D8AD84DB11E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "11B6BBCD-0A83-4816-84F9-647403DA64F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "78D7D57F-36EA-42DB-866F-DC9BCEAD2235", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "38A0F44A-CB7D-42EA-A8D7-373F5BD6A963", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*", "matchCriteriaId": "D4C754C4-1908-4EF2-BB70-4EA730324D98", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4D060128-197D-4EEC-A486-364B1876A1B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1E8F32EF-9A87-4807-B3C0-2DC4F17553D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "9F9CED99-BAC5-4D7C-B10F-DF16085BC888", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8C804BE-2D42-4213-A108-4426F5F0E348", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files."}, {"lang": "es", "value": "Algunos productos de software de Dahua tienen una vulnerabilidad de carga de archivos sin restricciones. Despu\u00e9s de obtener los permisos de los administradores, al enviar un paquete manipulado espec\u00edficamente a la interfaz vulnerable, un atacante puede cargar archivos arbitrarios."}], "id": "CVE-2022-45427", "lastModified": "2023-01-05T04:35:03.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-27T18:15:10.600", "references": [{"source": "cybersecurity@dahuatech.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1137"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}