CVE-2023-3121

Name of the Vulnerable Software and Affected Versions Dahua Smart Parking Management versions up to 20230528

Description The issue is related to insufficient checking of incoming requests in the /ipms/imageConvert/image file of the Dahua Smart Parking Management system. This can allow a remote attacker to perform a server-side request forgery (SSRF) attack by manipulating the fileUrl argument. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations For versions up to 20230528, as a temporary workaround, consider restricting access to the /ipms/imageConvert/image file to minimize the risk of exploitation. Avoid using the fileUrl argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.