CVE-2022-45433

LOW

Published Dec 27, 20223y ago · Modified Jun 17, 20261w ago

3.7 CVSS 3.1

Low

Published Dec 27, 2022 3y ago

Last Modified Jun 17, 2026 1w ago

Description

Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.

CVSS Details

Base Score

3.7

Exploitability

2.2

Impact

1.4

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity None

Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-306 Missing Authentication for Critical Function Authentication

Affected Products 26

Vendor	Product	Version	Range
dahuasecurity	dhi-dss7016d-s2_firmware	1.001.0000001.2	any
dahuasecurity	dhi-dss7016d-s2_firmware	8.0.2	any
dahuasecurity	dhi-dss7016d-s2_firmware	8.0.4	any
dahuasecurity	dhi-dss7016d-s2_firmware	8.1	any
dahuasecurity	dhi-dss7016d-s2	*	any
dahuasecurity	dhi-dss7016dr-s2_firmware	1.001.0000001.2	any
dahuasecurity	dhi-dss7016dr-s2_firmware	8.0.2	any
dahuasecurity	dhi-dss7016dr-s2_firmware	8.0.4	any
dahuasecurity	dhi-dss7016dr-s2_firmware	8.1	any
dahuasecurity	dhi-dss7016dr-s2	*	any
dahuasecurity	dhi-dss4004-s2_firmware	1.001.0000001.2	any
dahuasecurity	dhi-dss4004-s2_firmware	8.0.2	any
dahuasecurity	dhi-dss4004-s2_firmware	8.0.4	any
dahuasecurity	dhi-dss4004-s2_firmware	8.1	any
dahuasecurity	dhi-dss4004-s2	*	any
dahuasecurity	dss_express	7.002.1760000.2	any
dahuasecurity	dss_express	8.0.2	any
dahuasecurity	dss_express	8.0.4	any
dahuasecurity	dss_express	8.1	any
dahuasecurity	dss_express	8.1.1	any
dahuasecurity	dss_professional	7.002.1760000.2	any
dahuasecurity	dss_professional	8.0.2	any
dahuasecurity	dss_professional	8.0.4	any
dahuasecurity	dss_professional	8.1	any
dahuasecurity	dss_professional	8.1.1	any
microsoft	windows	*	any

References 1

dahuasecurity.com https://www.dahuasecurity.com/support/cybersecurity/details/1137

PatchVendor Advisory

Remediation

dahuasecurity.com https://www.dahuasecurity.com/support/cybersecurity/details/1137

PatchVendor Advisory