Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for ipc-hfw2230s-s-s2_firmware by dahuasecurity

    CVE-2022-30563 (GCVE-0-2022-30563)

    Vulnerability from nvd – Published: 2022-06-28 13:44 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
    Severity
    No CVSS data available.
    CWE
    • Replay Attacks
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX Affected: Versions which Build time before April, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.397Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions which Build time before April, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user\u0027s login packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Replay Attacks",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T13:44:56.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2022-30563",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions which Build time before April, 2022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user\u0027s login packet."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Replay Attacks"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-30563",
        "datePublished": "2022-06-28T13:44:56.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30562 (GCVE-0-2022-30562)

    Vulnerability from nvd – Published: 2022-06-28 13:43 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.
    Severity
    No CVSS data available.
    CWE
    • URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a IPCHDBW2XXX IPCHFW2XXX ASI7XXXX Affected: Versions which Build time before April, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions which Build time before April, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If the user enables the https function on the device, an attacker can modify the user\u2019s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T13:43:54.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2022-30562",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions which Build time before April, 2022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If the user enables the https function on the device, an attacker can modify the user\u2019s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-30562",
        "datePublished": "2022-06-28T13:43:54.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30561 (GCVE-0-2022-30561)

    Vulnerability from nvd – Published: 2022-06-28 13:42 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.
    Severity
    No CVSS data available.
    CWE
    • Replay Attacks
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a IPCHDBW2XXX IPCHFW2XXX ASI7XXXX Affected: Versions which Build time before April, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions which Build time before April, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\u0027s login packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Replay Attacks",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T13:42:37.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2022-30561",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions which Build time before April, 2022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\u0027s login packet."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Replay Attacks"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-30561",
        "datePublished": "2022-06-28T13:42:37.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30560 (GCVE-0-2022-30560)

    Vulnerability from nvd – Published: 2022-06-28 13:41 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
    Severity
    No CVSS data available.
    CWE
    • Denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a IPCHDBW2XXX IPCHFW2XXX ASI7XXXX Affected: Versions which Build time before April
    Affected: 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions which Build time before April"
                },
                {
                  "status": "affected",
                  "version": "2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T13:41:11.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2022-30560",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions which Build time before April"
                              },
                              {
                                "version_value": "2022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-30560",
        "datePublished": "2022-06-28T13:41:11.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30563 (GCVE-0-2022-30563)

    Vulnerability from cvelistv5 – Published: 2022-06-28 13:44 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
    Severity
    No CVSS data available.
    CWE
    • Replay Attacks
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX Affected: Versions which Build time before April, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.397Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions which Build time before April, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user\u0027s login packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Replay Attacks",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T13:44:56.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2022-30563",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions which Build time before April, 2022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user\u0027s login packet."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Replay Attacks"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-30563",
        "datePublished": "2022-06-28T13:44:56.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30562 (GCVE-0-2022-30562)

    Vulnerability from cvelistv5 – Published: 2022-06-28 13:43 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.
    Severity
    No CVSS data available.
    CWE
    • URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a IPCHDBW2XXX IPCHFW2XXX ASI7XXXX Affected: Versions which Build time before April, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions which Build time before April, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If the user enables the https function on the device, an attacker can modify the user\u2019s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T13:43:54.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2022-30562",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions which Build time before April, 2022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If the user enables the https function on the device, an attacker can modify the user\u2019s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-30562",
        "datePublished": "2022-06-28T13:43:54.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30561 (GCVE-0-2022-30561)

    Vulnerability from cvelistv5 – Published: 2022-06-28 13:42 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.
    Severity
    No CVSS data available.
    CWE
    • Replay Attacks
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a IPCHDBW2XXX IPCHFW2XXX ASI7XXXX Affected: Versions which Build time before April, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions which Build time before April, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\u0027s login packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Replay Attacks",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T13:42:37.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2022-30561",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions which Build time before April, 2022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\u0027s login packet."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Replay Attacks"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-30561",
        "datePublished": "2022-06-28T13:42:37.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.529Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-30560 (GCVE-0-2022-30560)

    Vulnerability from cvelistv5 – Published: 2022-06-28 13:41 – Updated: 2024-08-03 06:48
    VLAI
    Summary
    When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
    Severity
    No CVSS data available.
    CWE
    • Denial of service
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a IPCHDBW2XXX IPCHFW2XXX ASI7XXXX Affected: Versions which Build time before April
    Affected: 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:48:36.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions which Build time before April"
                },
                {
                  "status": "affected",
                  "version": "2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-28T13:41:11.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2022-30560",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions which Build time before April"
                              },
                              {
                                "version_value": "2022"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2022-30560",
        "datePublished": "2022-06-28T13:41:11.000Z",
        "dateReserved": "2022-05-11T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:48:36.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }