Security Advisory – Vulnerabilities found in Dahua software products


Advisory ID: DHCC-SA-202212-001

First Published: 2022-12-20



Cybersecurity is an ongoing challenge for all manufacturers and users of IoT-connected devices, as it is for all digital products and services. Dahua Technology is committed to developing and maintaining state-of-the-art cybersecurity practices, including through our product design process and our customer-facing Dahua Cybersecurity Center (DHCC) for transparent vulnerability reporting and handling.


In response to security issues reported by Bashis from IPVM, Dahua immediately conducted a comprehensive investigation of affected product models and has developed patches and firmware that fix the vulnerabilities. Please download from https://software.dahuasecurity.com/en/download or contact Dahua local technical support to upgrade.


We strongly suggest, consistent with cybersecurity best practice, that all Dahua customers follow our security advisory to ensure their systems are up to date and maximally protected. In the meantime, customers with other concerns about cybersecurity-related issues are welcome to contact us at cybersecurity@dahuatech.com.


Summary

1.    CVE-2022-45423

Some Dahua software products have a vulnerability that allows unauthenticated requests for MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specially crafted packet to the vulnerable interface (the credentials cannot be directly exploited).

2.    CVE-2022-45424

Some Dahua software products have a vulnerability that allows unauthenticated requests for the AES crypto key. An attacker can obtain the AES crypto key by sending a specially crafted packet to the vulnerable interface.

3.    CVE-2022-45425

Some Dahua software products have a vulnerability involving the use of a hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.

4.    CVE-2022-45426

Some Dahua software products have an unrestricted file download vulnerability. After obtaining the permissions of an ordinary user, an attacker can download arbitrary files by sending a specially crafted packet to the vulnerable interface.

5.    CVE-2022-45427

Some Dahua software products have an unrestricted file upload vulnerability. After obtaining administrator permissions, an attacker can upload arbitrary files by sending a specially crafted packet to the vulnerable interface.

6.    CVE-2022-45428

Some Dahua software products have a sensitive information leakage vulnerability. After obtaining administrator permissions, an attacker can obtain debugging information by sending a specially crafted packet to the vulnerable interface.

7.    CVE-2022-45429

Some Dahua software products have a server-side request forgery (SSRF) vulnerability. An attacker can access internal resources by concatenating links (URLs) that conform to specific rules.

8.    CVE-2022-45430

Some Dahua software products have a vulnerability that allows the SSHD service to be enabled or disabled without authentication. After bypassing the firewall access control policy, an attacker could enable or disable the SSHD service by sending a specially crafted packet to the vulnerable interface.

Note: This vulnerability affects Linux-based systems only.

9.    CVE-2022-45431

Some Dahua software products have a vulnerability that allows the remote DSS Server to be restarted without authentication. After bypassing the firewall access control policy, an attacker could restart the remote DSS Server without authentication by sending a specially crafted packet to the vulnerable interface.

Note: This vulnerability affects Linux-based systems only.

10.   CVE-2022-45432

Some Dahua software products have a vulnerability that allows unauthenticated device searches. After bypassing the firewall access control policy, an attacker could, without authentication, search for devices in a range of IPs from the remote DSS Server by sending a specially crafted packet to the vulnerable interface.

Note: This vulnerability affects Windows-based systems only.

11.   CVE-2022-45433

Some Dahua software products have a vulnerability that allows an unauthenticated traceroute to a host from the remote DSS Server. After bypassing the firewall access control policy, an attacker could get the traceroute results by sending a specially crafted packet to the vulnerable interface.

Note: This vulnerability affects Windows-based systems only.

12.   CVE-2022-45434

Some Dahua software products have a vulnerability that allows unauthenticated, unthrottled ICMP requests on the remote DSS Server. After bypassing the firewall access control policy, an attacker could use the victim server to launch an ICMP request attack against the designated target host by sending a specially crafted packet to the vulnerable interface.

Note: This vulnerability affects Windows-based systems only.


Vulnerability Score

The vulnerabilities have been classified using the CVSSv3.1 scoring system (http://www.first.org/cvss/specification-document).


CVE-2022-45423

Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Temporal Score: 4.8 (E:P/RL:O/RC:C)


CVE-2022-45424

Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Temporal Score: 6.7 (E:P/RL:O/RC:C)


CVE-2022-45425

Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Temporal Score: 6.7 (E:P/RL:O/RC:C)


CVE-2022-45426

Base Score: 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

Temporal Score: 6.9 (E:P/RL:O/RC:C)


CVE-2022-45427

Base Score: 8.7 (AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H)

Temporal Score: 7.8 (E:P/RL:O/RC:C)


CVE-2022-45428

Base Score: 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

Temporal Score: 4.4 (E:P/RL:O/RC:C)


CVE-2022-45429

Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Temporal Score: 8.8 (E:P/RL:O/RC:C)


CVE-2022-45430

Base Score: 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)

Temporal Score: 5.2 (E:P/RL:O/RC:C)


CVE-2022-45431

Base Score: 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

Temporal Score: 7.7 (E:P/RL:O/RC:C)


CVE-2022-45432

Base Score: 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Temporal Score: 5.2 (E:P/RL:O/RC:C)


CVE-2022-45433

Base Score: 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Temporal Score: 5.2 (E:P/RL:O/RC:C)


CVE-2022-45434

Base Score: 5.8 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)

Temporal Score: 5.2 (E:P/RL:O/RC:C)


Affected Products & Fix Software

The following product series and models are currently known to be affected.

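| Affected Model | Affected Version | Fix Software | Affected Area |
| --- | --- | --- | --- |
| DSS Professional | V7.002.1760000.2 | Patch Installer for DSS Professional V7 | Overseas |
| DSS Professional | V8.0.2 | Patch Installer for DSS Professional V8.0.2 | Overseas |
| DSS Professional | V8.0.4 | Patch Installer for DSS Professional V8.0.4 | Overseas |
| DSS Professional | V8.1 | Patch Installer for DSS Professional V8.1 | Overseas |
| DSS Professional | V8.1.1 | Patch Installer for DSS Professional V8.1.1 | Overseas |
| DSS Express | V1.000.175J000.2 | Patch Installer for DSS Express V7 | Overseas |
| DSS Express | V8.0.2 | Patch Installer for DSS Express V8.0.2 | Overseas |
| DSS Express | V8.0.4 | Patch Installer for DSS Express V8.0.4 | Overseas |
| DSS Express | V8.1 | Patch Installer for DSS Express V8.1 | Overseas |
| DSS Express | V8.1.1 | Patch Installer for DSS Express V8.1.1 | Overseas |
| DHI-DSS7016D-S2/DHI-DSS7016DR-S2 | V1.001.0000001.2 | Patch Install for DSS7016D/R-S2 V7 | Overseas |
| DHI-DSS7016D-S2/DHI-DSS7016DR-S2 | V8.0.2 | Patch Installer for DSS7016D/DR-S2 V8.0.2 | Overseas |
| DHI-DSS7016D-S2/DHI-DSS7016DR-S2 | V8.0.4 | Patch Installer for DSS7016D/DR-S2 V8.0.4 | Overseas |
| DHI-DSS7016D-S2/DHI-DSS7016DR-S2 | V8.1 | DSS7016D/DR-S2 V8.1 | Overseas |
| DHI-DSS4004-S2 | V1.001.0000000.2 | Patch Install for DSS4004-S2 V7 | Overseas |
| DHI-DSS4004-S2 | V8.0.2 | Patch Installer for DSS4004-S2 V8.0.2 | Overseas |
| DHI-DSS4004-S2 | V8.0.4 | Patch Installer for DSS4004-S2 V8.0.4 | Overseas |
| DHI-DSS4004-S2 | V8.1 | DSS4004-S2 V8.1 | Overseas |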

Note: To view the version, please log in to the Web and view it on the “About” page.


Fix Software Download

Please download the corresponding fix software, or a newer version, as listed in the table above from the Dahua website, or contact Dahua local technical support to upgrade.

• Dahua Official website: https://software.dahuasecurity.com/en/download

• Dahua Technical Support Personnel.


Support Resources

For any questions or concerns related to our products and solutions, please contact Dahua DHCC at cybersecurity@dahuatech.com.


Acknowledgment

We acknowledge the support of Bashis from IPVM who discovered these vulnerabilities and reported them to DHCC.


Revision History

| Version | Description | Date |
| --- | --- | --- |
| V1.0 | Initial public release | 2022-12-20 |