Vulnerability Details CVE-2022-45429
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.9%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-45429
-
cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2
-
cpe:2.3:a:dahuasecurity:dss_express:8.0.2
-
cpe:2.3:a:dahuasecurity:dss_express:8.0.4
-
cpe:2.3:a:dahuasecurity:dss_express:8.1
-
cpe:2.3:a:dahuasecurity:dss_express:8.1.1
-
cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2
-
cpe:2.3:a:dahuasecurity:dss_professional:8.0.2
-
cpe:2.3:a:dahuasecurity:dss_professional:8.0.4
-
cpe:2.3:a:dahuasecurity:dss_professional:8.1
-
cpe:2.3:a:dahuasecurity:dss_professional:8.1.1
-
cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-
-
cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-
-
cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4
-
cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4
-
cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4
-
cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1