PT-2022-6097 · Dahua · Dhi-Dss7016Dr-S2+4

Published: 2022-12-27 · Updated: 2023-01-05 · CVE-2022-45427

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Dahua software products (affected versions not specified)
DSS Professional (affected versions not specified)
DSS Express (affected versions not specified)
DHI-DSS4004-S2 (affected versions not specified)
DHI-DSS7016D-S2 (affected versions not specified)
DHI-DSS7016DR-S2 (affected versions not specified)

Description

The issue is an unrestricted file upload vulnerability. After obtaining administrator permissions, an attacker can upload arbitrary files by sending a crafted packet to the vulnerable interface. The vulnerability can be exploited remotely.

Recommendations

For Dahua software products, consider restricting access to the vulnerable interface until a patch is available. For DSS Professional, DSS Express, DHI-DSS4004-S2, DHI-DSS7016D-S2, and DHI-DSS7016DR-S2, restrict the ability to upload files to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2023-00035
CVE-2022-45427

Affected Products

Dhi-Dss4004-S2
Dhi-Dss7016Dr-S2
Dss Express
Dss Professional
Dahua