Search
Find a vulnerability
Search criteria
8 vulnerabilities found for ipc-hfw2230s-s-s2_firmware by dahuasecurity
CVE-2022-30563 (GCVE-0-2022-30563)
Vulnerability from nvd – Published: 2022-06-28 13:44 – Updated: 2024-08-03 06:48
VLAI
Summary
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
Severity
No CVSS data available.
CWE
- Replay Attacks
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dahuasecurity.com/support/cybersecuri… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX |
Affected:
Versions which Build time before April, 2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before April, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user\u0027s login packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Replay Attacks",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T13:44:56.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2022-30563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before April, 2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user\u0027s login packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Replay Attacks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-30563",
"datePublished": "2022-06-28T13:44:56.000Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30562 (GCVE-0-2022-30562)
Vulnerability from nvd – Published: 2022-06-28 13:43 – Updated: 2024-08-03 06:48
VLAI
Summary
If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.
Severity
No CVSS data available.
CWE
- URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dahuasecurity.com/support/cybersecuri… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IPCHDBW2XXX IPCHFW2XXX ASI7XXXX |
Affected:
Versions which Build time before April, 2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before April, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If the user enables the https function on the device, an attacker can modify the user\u2019s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T13:43:54.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2022-30562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before April, 2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If the user enables the https function on the device, an attacker can modify the user\u2019s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-30562",
"datePublished": "2022-06-28T13:43:54.000Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30561 (GCVE-0-2022-30561)
Vulnerability from nvd – Published: 2022-06-28 13:42 – Updated: 2024-08-03 06:48
VLAI
Summary
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.
Severity
No CVSS data available.
CWE
- Replay Attacks
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dahuasecurity.com/support/cybersecuri… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IPCHDBW2XXX IPCHFW2XXX ASI7XXXX |
Affected:
Versions which Build time before April, 2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before April, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\u0027s login packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Replay Attacks",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T13:42:37.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2022-30561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before April, 2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\u0027s login packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Replay Attacks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-30561",
"datePublished": "2022-06-28T13:42:37.000Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30560 (GCVE-0-2022-30560)
Vulnerability from nvd – Published: 2022-06-28 13:41 – Updated: 2024-08-03 06:48
VLAI
Summary
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dahuasecurity.com/support/cybersecuri… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IPCHDBW2XXX IPCHFW2XXX ASI7XXXX |
Affected:
Versions which Build time before April
Affected: 2022 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before April"
},
{
"status": "affected",
"version": "2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T13:41:11.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2022-30560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before April"
},
{
"version_value": "2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-30560",
"datePublished": "2022-06-28T13:41:11.000Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30563 (GCVE-0-2022-30563)
Vulnerability from cvelistv5 – Published: 2022-06-28 13:44 – Updated: 2024-08-03 06:48
VLAI
Summary
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet.
Severity
No CVSS data available.
CWE
- Replay Attacks
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dahuasecurity.com/support/cybersecuri… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX |
Affected:
Versions which Build time before April, 2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before April, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user\u0027s login packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Replay Attacks",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T13:44:56.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2022-30563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCHDBW2XXX[IPCHFW2XXX[ASI7XXXX",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before April, 2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user\u0027s login packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Replay Attacks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-30563",
"datePublished": "2022-06-28T13:44:56.000Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30562 (GCVE-0-2022-30562)
Vulnerability from cvelistv5 – Published: 2022-06-28 13:43 – Updated: 2024-08-03 06:48
VLAI
Summary
If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.
Severity
No CVSS data available.
CWE
- URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dahuasecurity.com/support/cybersecuri… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IPCHDBW2XXX IPCHFW2XXX ASI7XXXX |
Affected:
Versions which Build time before April, 2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before April, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If the user enables the https function on the device, an attacker can modify the user\u2019s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T13:43:54.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2022-30562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before April, 2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If the user enables the https function on the device, an attacker can modify the user\u2019s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-30562",
"datePublished": "2022-06-28T13:43:54.000Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30561 (GCVE-0-2022-30561)
Vulnerability from cvelistv5 – Published: 2022-06-28 13:42 – Updated: 2024-08-03 06:48
VLAI
Summary
When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet.
Severity
No CVSS data available.
CWE
- Replay Attacks
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dahuasecurity.com/support/cybersecuri… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IPCHDBW2XXX IPCHFW2XXX ASI7XXXX |
Affected:
Versions which Build time before April, 2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before April, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\u0027s login packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Replay Attacks",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T13:42:37.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2022-30561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before April, 2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user\u0027s login packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Replay Attacks"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-30561",
"datePublished": "2022-06-28T13:42:37.000Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30560 (GCVE-0-2022-30560)
Vulnerability from cvelistv5 – Published: 2022-06-28 13:41 – Updated: 2024-08-03 06:48
VLAI
Summary
When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dahuasecurity.com/support/cybersecuri… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | IPCHDBW2XXX IPCHFW2XXX ASI7XXXX |
Affected:
Versions which Build time before April
Affected: 2022 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions which Build time before April"
},
{
"status": "affected",
"version": "2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T13:41:11.000Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2022-30560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IPCHDBW2XXX IPCHFW2XXX ASI7XXXX",
"version": {
"version_data": [
{
"version_value": "Versions which Build time before April"
},
{
"version_value": "2022"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/1017",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/1017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2022-30560",
"datePublished": "2022-06-28T13:41:11.000Z",
"dateReserved": "2022-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-03T06:48:36.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}