Vulnerabilities (CVE)

Filtered by vendor Dahuasecurity Subscribe
Total 58 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3836 1 Dahuasecurity 1 Smart Parking Management 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-3121 1 Dahuasecurity 1 Smart Parking Management 2024-11-21 2.7 LOW 3.5 LOW
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-45434 2 Dahuasecurity, Microsoft 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2024-11-21 N/A 5.9 MEDIUM
Some Dahua software products have a vulnerability of unauthenticated un-throttled ICMP requests on remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could exploit the victim server to launch ICMP request attack to the designated target host.
CVE-2022-45433 2 Dahuasecurity, Microsoft 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2024-11-21 N/A 3.7 LOW
Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.
CVE-2022-45432 2 Dahuasecurity, Microsoft 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2024-11-21 N/A 5.3 MEDIUM
Some Dahua software products have a vulnerability of unauthenticated search for devices. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated search for devices in range of IPs from remote DSS Server.
CVE-2022-45431 2 Dahuasecurity, Linux 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2024-11-21 N/A 7.5 HIGH
Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.
CVE-2022-45430 2 Dahuasecurity, Linux 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2024-11-21 N/A 3.7 LOW
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service.
CVE-2022-45429 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2024-11-21 N/A 7.5 HIGH
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.
CVE-2022-45428 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2024-11-21 N/A 2.7 LOW
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.
CVE-2022-45427 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2024-11-21 N/A 7.2 HIGH
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.
CVE-2022-45426 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2024-11-21 N/A 6.5 MEDIUM
Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.
CVE-2022-45425 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2024-11-21 N/A 7.5 HIGH
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.
CVE-2022-45424 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2024-11-21 N/A 5.3 MEDIUM
Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface.
CVE-2022-45423 1 Dahuasecurity 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more 2024-11-21 N/A 7.5 HIGH
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).
CVE-2022-30564 1 Dahuasecurity 194 Ipc-hf5241f-ze, Ipc-hf5241f-ze Firmware, Ipc-hf5442f-ze and 191 more 2024-11-21 N/A 5.3 MEDIUM
Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.
CVE-2022-30563 1 Dahuasecurity 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more 2024-11-21 5.8 MEDIUM 7.4 HIGH
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
CVE-2022-30562 1 Dahuasecurity 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more 2024-11-21 4.0 MEDIUM 4.7 MEDIUM
If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.
CVE-2022-30561 1 Dahuasecurity 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.
CVE-2022-30560 1 Dahuasecurity 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more 2024-11-21 5.8 MEDIUM 7.4 HIGH
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
CVE-2021-33046 1 Dahuasecurity 56 Asc2204c, Asc2204c Firmware, Hcvr7xxx and 53 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.