CVE-2022-45429

HIGH WAF: Medium
CVSS 7.5 Published: 2022-12-27
CWE-918 CWE-918

Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.

WAF Coverage Analysis

Server-Side Request Forgery (SSRF) Medium WAF Coverage

OWASP: A10:2021 SSRF

934xxx - Node.js / Generic Injection
Server-Side Request Forgery (SSRF) Medium WAF Coverage

OWASP: A10:2021 SSRF

934xxx - Node.js / Generic Injection

Affected Software

VendorProductVersion
dahuasecuritydss_express7.002.1760000.2
dahuasecuritydss_express8.0.2
dahuasecuritydss_express8.0.4
dahuasecuritydss_express8.1
dahuasecuritydss_express8.1.1
dahuasecuritydss_professional7.002.1760000.2
dahuasecuritydss_professional8.0.2
dahuasecuritydss_professional8.0.4
dahuasecuritydss_professional8.1
dahuasecuritydss_professional8.1.1

References

Back to CVE Database