CVE-2022-45427

HIGH WAF: Medium

CVSS 7.2 Published: 2022-12-27

CWE-434 CWE-434

Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.

WAF Coverage Analysis

Unrestricted File Upload Medium WAF Coverage

OWASP: A04:2021 Insecure Design

930xxx - Local File Inclusion

Unrestricted File Upload Medium WAF Coverage

OWASP: A04:2021 Insecure Design

930xxx - Local File Inclusion

Affected Software

Vendor	Product	Version
dahuasecurity	dss_express	7.002.1760000.2
dahuasecurity	dss_express	8.0.2
dahuasecurity	dss_express	8.0.4
dahuasecurity	dss_express	8.1
dahuasecurity	dss_express	8.1.1
dahuasecurity	dss_professional	7.002.1760000.2
dahuasecurity	dss_professional	8.0.2
dahuasecurity	dss_professional	8.0.4
dahuasecurity	dss_professional	8.1
dahuasecurity	dss_professional	8.1.1

References

www.dahuasecurity.com (Patch, Vendor Advisory)

Back to CVE Database