CVE-2022-45433

LOW

Dahua DSS Firmware - Unauthenticated Traceroute Host Information Disclosure

Title source: llm

Description

Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could get the traceroute results.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/1137

Scores

CVSS v3 3.7

EPSS 0.0063

EPSS Percentile 45.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (22)

dahuasecurity/dhi-dss4004-s2_firmware 1.001.0000001.2

dahuasecurity/dhi-dss4004-s2_firmware 8.0.2

dahuasecurity/dhi-dss4004-s2_firmware 8.0.4

dahuasecurity/dhi-dss4004-s2_firmware 8.1

dahuasecurity/dhi-dss7016d-s2_firmware 1.001.0000001.2

dahuasecurity/dhi-dss7016d-s2_firmware 8.0.2

dahuasecurity/dhi-dss7016d-s2_firmware 8.0.4

dahuasecurity/dhi-dss7016d-s2_firmware 8.1

dahuasecurity/dhi-dss7016dr-s2_firmware 1.001.0000001.2

dahuasecurity/dhi-dss7016dr-s2_firmware 8.0.2

... and 12 more

Published Dec 27, 2022

Tracked Since Feb 18, 2026