CVE-2022-45434: Security Advisory – Vulnerabilities found in Dahua software products
Some Dahua software products have a vulnerability that allows unauthenticated, unthrottled ICMP requests on the remote DSS Server. After bypassing the firewall access control policy, an attacker could send a specially crafted packet to the vulnerable interface and use the victim server to launch an ICMP request attack against a designated target host.
Advisory ID: DHCC-SA-202212-001
First Published: 2022-12-20
Cybersecurity is an on-going challenge for all IoT connected device manufacturers and users, as it is for all digital products and services. Dahua Technology is committed to developing and maintaining state-of-the-art cybersecurity practices, including through our product design process and our customer-facing Dahua Cybersecurity Center (DHCC) for transparent vulnerability reporting and handling.
In response to security issues reported by Bashis from IPVM, Dahua immediately conducted a comprehensive investigation of affected product models and has developed patches and firmware that fix the vulnerabilities. Please download from https://software.dahuasecurity.com/en/download or contact Dahua local technical support to upgrade.
We strongly suggest, consistent with cybersecurity best practice, that all Dahua customers follow our security advisory in order to ensure their systems are up to date and maximally protected. In the meantime, customers with other concerns about cybersecurity-related issues are welcome to contact us at [email protected].
Summary
- CVE-2022-45423
Some Dahua software products have a vulnerability that allows unauthenticated requests for MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specially crafted packet to the vulnerable interface (the credentials cannot be directly exploited).
- CVE-2022-45424
Some Dahua software products have a vulnerability that allows unauthenticated requests for the AES crypto key. An attacker can obtain the AES crypto key by sending a specially crafted packet to the vulnerable interface.
- CVE-2022-45425
Some Dahua software products have a vulnerability involving the use of a hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.
- CVE-2022-45426
Some Dahua software products have an unrestricted file download vulnerability. After obtaining the permissions of an ordinary user, an attacker can download arbitrary files by sending a specially crafted packet to the vulnerable interface.
- CVE-2022-45427
Some Dahua software products have an unrestricted file upload vulnerability. After obtaining the permissions of an administrator, an attacker can upload arbitrary files by sending a specially crafted packet to the vulnerable interface.
- CVE-2022-45428
Some Dahua software products have a sensitive information leakage vulnerability. After obtaining the permissions of an administrator, an attacker can obtain debugging information by sending a specially crafted packet to the vulnerable interface.
- CVE-2022-45429
Some Dahua software products have a server-side request forgery (SSRF) vulnerability. An attacker can access internal resources by concatenating links (URLs) that conform to specific rules.
- CVE-2022-45430
Some Dahua software products have a vulnerability that allows the SSHD service to be enabled or disabled without authentication. After bypassing the firewall access control policy, an attacker could enable or disable the SSHD service by sending a specially crafted packet to the vulnerable interface.
Note: This vulnerability affects Linux-based systems only.
- CVE-2022-45431
Some Dahua software products have a vulnerability that allows the remote DSS Server to be restarted without authentication. After bypassing the firewall access control policy, an attacker could restart the remote DSS Server without authentication by sending a specially crafted packet to the vulnerable interface.
Note: This vulnerability affects Linux-based systems only.
- CVE-2022-45432
Some Dahua software products have a vulnerability that allows unauthenticated searches for devices. After bypassing the firewall access control policy, an attacker could, without authentication, search for devices in a range of IPs from the remote DSS Server by sending a specially crafted packet to the vulnerable interface.
Note: This vulnerability affects Windows-based systems only.
- CVE-2022-45433
Some Dahua software products have a vulnerability that allows an unauthenticated traceroute to a host from the remote DSS Server. After bypassing the firewall access control policy, an attacker could get the traceroute results by sending a specially crafted packet to the vulnerable interface.
Note: This vulnerability affects Windows-based systems only.
- CVE-2022-45434
Some Dahua software products have a vulnerability that allows unauthenticated, unthrottled ICMP requests on the remote DSS Server. After bypassing the firewall access control policy, an attacker could send a specially crafted packet to the vulnerable interface and use the victim server to launch an ICMP request attack against a designated target host.
Note: This vulnerability affects Windows-based systems only.
Vulnerability Score
The vulnerability classification has been performed by using the CVSSv3.1 scoring system (http://www.first.org/cvss/specification-document).
CVE-2022-45423
Base Score: 5.3(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Temporal Score: 4.8(E:P/RL:O/RC:C)
CVE-2022-45424
Base Score: 7.5(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Temporal Score: 6.7(E:P/RL:O/RC:C)
CVE-2022-45425
Base Score: 7.5(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Temporal Score: 6.7(E:P/RL:O/RC:C)
CVE-2022-45426
Base Score: 7.7(AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
Temporal Score: 6.9(E:P/RL:O/RC:C)
CVE-2022-45427
Base Score: 8.7(AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H)
Temporal Score: 7.8(E:P/RL:O/RC:C)
CVE-2022-45428
Base Score: 4.9(AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
Temporal Score: 4.4(E:P/RL:O/RC:C)
CVE-2022-45429
Base Score: 9.8(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 8.8(E:P/RL:O/RC:C)
CVE-2022-45430
Base Score: 5.8(AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
Temporal Score: 5.2(E:P/RL:O/RC:C)
CVE-2022-45431
Base Score: 8.6(AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Temporal Score: 7.7(E:P/RL:O/RC:C)
CVE-2022-45432
Base Score: 5.8(AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
Temporal Score: 5.2(E:P/RL:O/RC:C)
CVE-2022-45433
Base Score: 5.8(AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
Temporal Score: 5.2(E:P/RL:O/RC:C)
CVE-2022-45434
Base Score: 5.8(AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
Temporal Score: 5.2(E:P/RL:O/RC:C)
Affected Products & Fix Software
The following product series and models are currently known to be affected.
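| Affected Model | Affected Version | Fix Software | Affected Area |
| --- | --- | --- | --- |
| DSS Professional | V7.002.1760000.2 | Patch Installer for DSS Professional V7 | Overseas |
| DSS Professional | V8.0.2 | Patch Installer for DSS Professional V8.0.2 | Overseas |
| DSS Professional | V8.0.4 | Patch Installer for DSS Professional V8.0.4 | Overseas |
| DSS Professional | V8.1 | Patch Installer for DSS Professional V8.1 | Overseas |
| DSS Professional | V8.1.1 | Patch Installer for DSS Professional V8.1.1 | Overseas |
| DSS Express | V1.000.175J000.2 | Patch Installer for DSS Express V7 | Overseas |
| DSS Express | V8.0.2 | Patch Installer for DSS Express V8.0.2 | Overseas |
| DSS Express | V8.0.4 | Patch Installer for DSS Express V8.0.4 | Overseas |
| DSS Express | V8.1 | Patch Installer for DSS Express V8.1 | Overseas |
| DSS Express | V8.1.1 | Patch Installer for DSS Express V8.1.1 | Overseas |
| DHI-DSS7016D-S2/DHI-DSS7016DR-S2 | V1.001.0000001.2 | Patch Install for DSS7016D/R-S2 V7 | Overseas |
| DHI-DSS7016D-S2/DHI-DSS7016DR-S2 | V8.0.2 | Patch Installer for DSS7016D/DR-S2 V8.0.2 | Overseas |
| DHI-DSS7016D-S2/DHI-DSS7016DR-S2 | V8.0.4 | Patch Installer for DSS7016D/DR-S2 V8.0.4 | Overseas |
| DHI-DSS7016D-S2/DHI-DSS7016DR-S2 | V8.1 | DSS7016D/DR-S2 V8.1 | Overseas |
| DHI-DSS4004-S2 | V1.001.0000000.2 | Patch Install for DSS4004-S2 V7 | Overseas |
| DHI-DSS4004-S2 | V8.0.2 | Patch Installer for DSS4004-S2 V8.0.2 | Overseas |
| DHI-DSS4004-S2 | V8.0.4 | Patch Installer for DSS4004-S2 V8.0.4 | Overseas |
| DHI-DSS4004-S2 | V8.1 | DSS4004-S2 V8.1 | Overseas |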
Note: To view the version, please log in to the Web and view it on the “About” page.
Fix Software Download
Please download the corresponding fix software or its newer version as listed in the above table from Dahua website, or contact Dahua local technical support to upgrade.
• Dahua Official website: https://software.dahuasecurity.com/en/download
• Dahua Technical Support Personnel.
Support Resources
For any questions or concerns related to our products and solutions, please contact Dahua DHCC at [email protected].
Acknowledgment
We acknowledge the support of Bashis from IPVM who discovered these vulnerabilities and reported them to DHCC.
Revision History
| Version | Description | Date |
| --- | --- | --- |
| V1.0 | Initial public release | 2022-12-20 |