CVE-2022-2334

Name of the Vulnerable Software and Affected Versions Softing Secure Integration Server version V1.22 Dahua ASI7213X-T1 (affected versions not specified)

Description The issue is related to an uncontrolled search path element that allows an attacker to execute arbitrary code by placing a malicious dll. This can lead to privilege escalation. Additionally, there is a vulnerability in the Dahua ASI7213X-T1 access control terminal software that allows bypassing the authentication procedure, enabling remote access to the device without a password.

Recommendations For Softing Secure Integration Server version V1.22, consider restricting access to the wbemcomn module to minimize the risk of exploitation. For Dahua ASI7213X-T1, as a temporary workaround, restrict remote access to the device until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.