{"vulnerability": "CVE-2022-4542", "sightings": [{"uuid": "924fbb7d-9629-472c-b7c1-fc47c8d0256b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45426", "type": "seen", "source": "https://t.me/cibsecurity/55429", "content": "\u203c CVE-2022-45426 \u203c\n\nSome Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T20:22:28.000000Z"}, {"uuid": "da7772e3-266c-41ae-af5c-d34cbf9f5328", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45428", "type": "seen", "source": "https://t.me/cibsecurity/55428", "content": "\u203c CVE-2022-45428 \u203c\n\nSome Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T20:11:42.000000Z"}, {"uuid": "52e28a7b-d9f9-428e-864b-74e89ee2d6fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45425", "type": "seen", "source": "https://t.me/cibsecurity/55436", "content": "\u203c CVE-2022-45425 \u203c\n\nSome Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T20:25:37.000000Z"}, {"uuid": "4e2c546e-8f68-49a8-bd36-4219e7aa7064", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45427", "type": "seen", "source": "https://t.me/cibsecurity/55435", "content": "\u203c CVE-2022-45427 \u203c\n\nSome Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T20:25:36.000000Z"}, {"uuid": "ea2ae4de-2ca1-4cc2-a0c6-5cdf033fef72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45424", "type": "seen", "source": "https://t.me/cibsecurity/55433", "content": "\u203c CVE-2022-45424 \u203c\n\nSome Dahua software products have a vulnerability of unauthenticated request of AES crypto key. An attacker can obtain the AES crypto key by sending a specific crafted packet to the vulnerable interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T20:23:35.000000Z"}, {"uuid": "7ee86548-2b96-42ef-8542-f6cc91f64d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45429", "type": "seen", "source": "https://t.me/cibsecurity/55432", "content": "\u203c CVE-2022-45429 \u203c\n\nSome Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T20:23:35.000000Z"}, {"uuid": "9d116a98-d19f-41b6-a82b-c1fd2bf24d50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45423", "type": "seen", "source": "https://t.me/cibsecurity/55439", "content": "\u203c CVE-2022-45423 \u203c\n\nSome Dahua software products have a vulnerability of unauthenticated request of MQTT credentials. An attacker can obtain encrypted MQTT credentials by sending a specific crafted packet to the vulnerable interface (the credentials cannot be directly exploited).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T20:25:40.000000Z"}, {"uuid": "9673c39b-fd65-41df-a6dd-57cb43495918", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45422", "type": "seen", "source": "https://t.me/cibsecurity/53274", "content": "\u203c CVE-2022-45422 \u203c\n\nWhen LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-21T20:37:28.000000Z"}, {"uuid": "70ad5775-58a0-42b4-a089-79e484fcd4aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45429", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11522", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45429\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Some Dahua software products have a vulnerability of server-side request forgery (SSRF). An Attacker can access internal resources by concatenating links (URL) that conform to specific rules.\n\ud83d\udccf Published: 2022-12-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-11T23:11:09.562Z\n\ud83d\udd17 References:\n1. https://www.dahuasecurity.com/support/cybersecurity/details/1137", "creation_timestamp": "2025-04-11T23:51:34.000000Z"}, {"uuid": "25e8839e-46a6-4881-a0d3-3b76c5ed80a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-45422", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13687", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45422\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005.\n\ud83d\udccf Published: 2022-11-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-28T14:42:12.211Z\n\ud83d\udd17 References:\n1. https://lgsecurity.lge.com/bulletins/pc", "creation_timestamp": "2025-04-28T15:10:50.000000Z"}]}