ByteOS Network

Vulnerability Details :

CVE-2022-45428

Assigner-dahua

Assigner Org ID-79ee569e-7d1e-4364-98f0-3a18e2a739ad

Published At-27 Dec, 2022 | 00:00

Updated At-14 Apr, 2025 | 13:16

Some Dahua software products have a vulnerability of sensitive information leakage. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can obtain the debugging information.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:dahua

Assigner Org ID:79ee569e-7d1e-4364-98f0-3a18e2a739ad

Published At:27 Dec, 2022 | 00:00

Updated At:14 Apr, 2025 | 13:16

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

DSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2

Versions

Affected

V8.0.2, V8.0.4, V8.1

Problem Types

Type	CWE ID	Description
text	N/A	Exposure of Sensitive Information to an Unauthorized Actor

Type: text

CWE ID: N/A

Description: Exposure of Sensitive Information to an Unauthorized Actor

References

Hyperlink	Resource
https://www.dahuasecurity.com/support/cybersecurity/details/1137	N/A

Hyperlink: https://www.dahuasecurity.com/support/cybersecurity/details/1137

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.dahuasecurity.com/support/cybersecurity/details/1137	x_transferred

Hyperlink: https://www.dahuasecurity.com/support/cybersecurity/details/1137

Resource:

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-201	CWE-201 Insertion of Sensitive Information Into Sent Data

Type: CWE

CWE ID: CWE-201

Description: CWE-201 Insertion of Sensitive Information Into Sent Data

Metrics

Version	Base score	Base severity	Vector
3.1	2.7	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 2.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cybersecurity@dahuatech.com

Published At:27 Dec, 2022 | 18:15

Updated At:14 Apr, 2025 | 14:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	2.7	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Secondary	3.1	2.7	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 2.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 2.7

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CPE Matches

Dahua Technology Co., Ltd

>>dss_express>>7.002.1760000.2

cpe:2.3:a:dahuasecurity:dss_express:7.002.1760000.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dss_express>>8.0.2

cpe:2.3:a:dahuasecurity:dss_express:8.0.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dss_express>>8.0.4

cpe:2.3:a:dahuasecurity:dss_express:8.0.4:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dss_express>>8.1

cpe:2.3:a:dahuasecurity:dss_express:8.1:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dss_express>>8.1.1

cpe:2.3:a:dahuasecurity:dss_express:8.1.1:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dss_professional>>7.002.1760000.2

cpe:2.3:a:dahuasecurity:dss_professional:7.002.1760000.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dss_professional>>8.0.2

cpe:2.3:a:dahuasecurity:dss_professional:8.0.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dss_professional>>8.0.4

cpe:2.3:a:dahuasecurity:dss_professional:8.0.4:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dss_professional>>8.1

cpe:2.3:a:dahuasecurity:dss_professional:8.1:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dss_professional>>8.1.1

cpe:2.3:a:dahuasecurity:dss_professional:8.1.1:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016d-s2_firmware>>1.001.0000001.2

cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016d-s2_firmware>>8.0.2

cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016d-s2_firmware>>8.0.4

cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.0.4:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016d-s2_firmware>>8.1

cpe:2.3:o:dahuasecurity:dhi-dss7016d-s2_firmware:8.1:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016d-s2>>-

cpe:2.3:h:dahuasecurity:dhi-dss7016d-s2:-:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016dr-s2_firmware>>1.001.0000001.2

cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016dr-s2_firmware>>8.0.2

cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016dr-s2_firmware>>8.0.4

cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.0.4:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016dr-s2_firmware>>8.1

cpe:2.3:o:dahuasecurity:dhi-dss7016dr-s2_firmware:8.1:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss7016dr-s2>>-

cpe:2.3:h:dahuasecurity:dhi-dss7016dr-s2:-:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss4004-s2_firmware>>1.001.0000001.2

cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:1.001.0000001.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss4004-s2_firmware>>8.0.2

cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.2:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss4004-s2_firmware>>8.0.4

cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.0.4:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss4004-s2_firmware>>8.1

cpe:2.3:o:dahuasecurity:dhi-dss4004-s2_firmware:8.1:*:*:*:*:*:*:*

Dahua Technology Co., Ltd

>>dhi-dss4004-s2>>-

cpe:2.3:h:dahuasecurity:dhi-dss4004-s2:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-201	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-201

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://www.dahuasecurity.com/support/cybersecurity/details/1137	cybersecurity@dahuatech.com	Patch Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/1137	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory

Hyperlink: https://www.dahuasecurity.com/support/cybersecurity/details/1137

Source: cybersecurity@dahuatech.com

Resource:

Patch

Vendor Advisory

Hyperlink: https://www.dahuasecurity.com/support/cybersecurity/details/1137

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory

Similar CVEs

4Records found

CVE-2023-3299

Matching Score-4

Assigner-HashiCorp Inc.

View Details

Matching Score-4

Assigner-HashiCorp Inc.

CVSS Score-3.4||LOW

EPSS-0.30% / 53.09%

7 Day CHG~0.00%

Published-19 Jul, 2023 | 23:35

Updated-17 Oct, 2024 | 14:10

Nomad Caller ACL Token's Secret ID is Exposed to Sentinel

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

Vendor-HashiCorp, Inc.

Product-nomad Nomad Enterprise

CWE ID-CWE-201

Insertion of Sensitive Information Into Sent Data

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2021-32653

Matching Score-4

Assigner-GitHub, Inc.

View Details

Matching Score-4

Assigner-GitHub, Inc.

CVSS Score-2.7||LOW

EPSS-0.38% / 59.02%

7 Day CHG~0.00%

Published-01 Jun, 2021 | 19:50

Updated-03 Aug, 2024 | 23:25

Default settings leak federated cloud ID to lookup server of all users

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workarounds outside the updates are known to exist.

Vendor-Nextcloud GmbH

Product-nextcloud_server security-advisories

CWE ID-CWE-201

Insertion of Sensitive Information Into Sent Data

CVE-2025-64299

Matching Score-4

Assigner-JPCERT/CC

View Details

Matching Score-4

Assigner-JPCERT/CC

CVSS Score-6.9||MEDIUM

EPSS-0.04% / 13.00%

7 Day CHG~0.00%

Published-21 Nov, 2025 | 06:18

Updated-02 Dec, 2025 | 17:51

LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes.

Vendor-secuavail LogStare Inc.Microsoft Corporation Linux Kernel Organization, Inc

Product-logstare_collector linux_kernel windows LogStare Collector (for Linux)LogStare Collector (for Windows)

CWE ID-CWE-201

Insertion of Sensitive Information Into Sent Data

CVE-2025-49300

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-2.7||LOW

EPSS-0.04% / 11.28%

7 Day CHG~0.00%

Published-16 Dec, 2025 | 08:12

Updated-20 Jan, 2026 | 15:16

WordPress Traveler Option Tree plugin <= 2.8 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8.

Vendor-Shinecommerce Joint Stock Company

Product-Traveler Option Tree

CWE ID-CWE-201

Insertion of Sensitive Information Into Sent Data

CVE-2022-45428

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs