Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dahuasecurity vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3836
A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can ...
Dahuasecurity Smart Parking Management
2 Github repositories
NA
CVE-2023-3121
A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit ...
Dahuasecurity Smart Parking Management
NA
CVE-2022-30564
Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.
Dahuasecurity Ipc-hf71242f-z-x Firmware
Dahuasecurity Ipc-hf7442f-z-x Firmware
Dahuasecurity Ipc-hf7842f-z-x Firmware
Dahuasecurity Ipc-hf5241f-ze Firmware
Dahuasecurity Ipc-hf5442f-ze Firmware
Dahuasecurity Ipc-hf5541f-ze Firmware
Dahuasecurity Ipc-hf5842f-ze Firmware
Dahuasecurity Sd5a225gb-hnr Firmware
Dahuasecurity Sd5a225gb-hnr-sl Firmware
Dahuasecurity Sd5a225xa-hnr Firmware
Dahuasecurity Sd5a225xa-hnr-sl Firmware
Dahuasecurity Sd5a232gb-hnr Firmware
Dahuasecurity Sd5a232xb-hnr Firmware
Dahuasecurity Sd5a232xb-hnr-ac Firmware
Dahuasecurity Sd5a232xb-hnr-p Firmware
Dahuasecurity Sd5a245gb-hnr Firmware
Dahuasecurity Sd5a245xa-hnr Firmware
Dahuasecurity Sd5a425ga-hnr Firmware
Dahuasecurity Sd5a425xa-hnr Firmware
Dahuasecurity Sd5a432gb-hnr Firmware
Dahuasecurity Sd5a445gb-hnr Firmware
Dahuasecurity Sd5a445xa-hnr Firmware
NA
CVE-2022-45423
Some Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).
Dahuasecurity Dss Express 7.002.1760000.2
Dahuasecurity Dss Express 8.0.2
Dahuasecurity Dss Express 8.0.4
Dahuasecurity Dss Express 8.1
Dahuasecurity Dss Express 8.1.1
Dahuasecurity Dss Professional 7.002.1760000.2
Dahuasecurity Dss Professional 8.0.2
Dahuasecurity Dss Professional 8.0.4
Dahuasecurity Dss Professional 8.1
Dahuasecurity Dss Professional 8.1.1
Dahuasecurity Dhi-dss7016d-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.1
Dahuasecurity Dhi-dss7016dr-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.1
Dahuasecurity Dhi-dss4004-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss4004-s2 Firmware 8.1
NA
CVE-2022-45424
Some Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface.
Dahuasecurity Dss Express 7.002.1760000.2
Dahuasecurity Dss Express 8.0.2
Dahuasecurity Dss Express 8.0.4
Dahuasecurity Dss Express 8.1
Dahuasecurity Dss Express 8.1.1
Dahuasecurity Dss Professional 7.002.1760000.2
Dahuasecurity Dss Professional 8.0.2
Dahuasecurity Dss Professional 8.0.4
Dahuasecurity Dss Professional 8.1
Dahuasecurity Dss Professional 8.1.1
Dahuasecurity Dhi-dss7016d-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.1
Dahuasecurity Dhi-dss7016dr-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.1
Dahuasecurity Dhi-dss4004-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss4004-s2 Firmware 8.1
NA
CVE-2022-45425
Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.
Dahuasecurity Dss Express 7.002.1760000.2
Dahuasecurity Dss Express 8.0.2
Dahuasecurity Dss Express 8.0.4
Dahuasecurity Dss Express 8.1
Dahuasecurity Dss Express 8.1.1
Dahuasecurity Dss Professional 7.002.1760000.2
Dahuasecurity Dss Professional 8.0.2
Dahuasecurity Dss Professional 8.0.4
Dahuasecurity Dss Professional 8.1
Dahuasecurity Dss Professional 8.1.1
Dahuasecurity Dhi-dss7016d-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.1
Dahuasecurity Dhi-dss7016dr-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.1
Dahuasecurity Dhi-dss4004-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss4004-s2 Firmware 8.1
NA
CVE-2022-45426
Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.
Dahuasecurity Dss Express 7.002.1760000.2
Dahuasecurity Dss Express 8.0.2
Dahuasecurity Dss Express 8.0.4
Dahuasecurity Dss Express 8.1
Dahuasecurity Dss Express 8.1.1
Dahuasecurity Dss Professional 7.002.1760000.2
Dahuasecurity Dss Professional 8.0.2
Dahuasecurity Dss Professional 8.0.4
Dahuasecurity Dss Professional 8.1
Dahuasecurity Dss Professional 8.1.1
Dahuasecurity Dhi-dss7016d-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.1
Dahuasecurity Dhi-dss7016dr-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.1
Dahuasecurity Dhi-dss4004-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss4004-s2 Firmware 8.1
NA
CVE-2022-45427
Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.
Dahuasecurity Dss Express 7.002.1760000.2
Dahuasecurity Dss Express 8.0.2
Dahuasecurity Dss Express 8.0.4
Dahuasecurity Dss Express 8.1
Dahuasecurity Dss Express 8.1.1
Dahuasecurity Dss Professional 7.002.1760000.2
Dahuasecurity Dss Professional 8.0.2
Dahuasecurity Dss Professional 8.0.4
Dahuasecurity Dss Professional 8.1
Dahuasecurity Dss Professional 8.1.1
Dahuasecurity Dhi-dss7016d-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.1
Dahuasecurity Dhi-dss7016dr-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.1
Dahuasecurity Dhi-dss4004-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss4004-s2 Firmware 8.1
NA
CVE-2022-45428
Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.
Dahuasecurity Dss Express 7.002.1760000.2
Dahuasecurity Dss Express 8.0.2
Dahuasecurity Dss Express 8.0.4
Dahuasecurity Dss Express 8.1
Dahuasecurity Dss Express 8.1.1
Dahuasecurity Dss Professional 7.002.1760000.2
Dahuasecurity Dss Professional 8.0.2
Dahuasecurity Dss Professional 8.0.4
Dahuasecurity Dss Professional 8.1
Dahuasecurity Dss Professional 8.1.1
Dahuasecurity Dhi-dss7016d-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.1
Dahuasecurity Dhi-dss7016dr-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.1
Dahuasecurity Dhi-dss4004-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss4004-s2 Firmware 8.1
NA
CVE-2022-45429
Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.
Dahuasecurity Dss Express 7.002.1760000.2
Dahuasecurity Dss Express 8.0.2
Dahuasecurity Dss Express 8.0.4
Dahuasecurity Dss Express 8.1
Dahuasecurity Dss Express 8.1.1
Dahuasecurity Dss Professional 7.002.1760000.2
Dahuasecurity Dss Professional 8.0.2
Dahuasecurity Dss Professional 8.0.4
Dahuasecurity Dss Professional 8.1
Dahuasecurity Dss Professional 8.1.1
Dahuasecurity Dhi-dss7016d-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016d-s2 Firmware 8.1
Dahuasecurity Dhi-dss7016dr-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss7016dr-s2 Firmware 8.1
Dahuasecurity Dhi-dss4004-s2 Firmware 1.001.0000001.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.2
Dahuasecurity Dhi-dss4004-s2 Firmware 8.0.4
Dahuasecurity Dhi-dss4004-s2 Firmware 8.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »