Vulnerability Details CVE-2022-45423
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.2%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-45423
-
cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2
-
cpe:2.3:a:dahuasecurity:dss_express:8.0.2
-
cpe:2.3:a:dahuasecurity:dss_express:8.0.4
-
cpe:2.3:a:dahuasecurity:dss_express:8.1
-
cpe:2.3:a:dahuasecurity:dss_express:8.1.1
-
cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2
-
cpe:2.3:a:dahuasecurity:dss_professional:8.0.2
-
cpe:2.3:a:dahuasecurity:dss_professional:8.0.4
-
cpe:2.3:a:dahuasecurity:dss_professional:8.1
-
cpe:2.3:a:dahuasecurity:dss_professional:8.1.1
-
cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-
-
cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-
-
cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1