SB2022071319 - Multiple vulnerabilities in Dahua DHI-ASI7213X-T1
Published: July 13, 2022 Updated: August 24, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2022-30560)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Authentication Bypass by Capture-replay (CVE-ID: CVE-2022-30561)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to Pass the Hash of a captured authentication hash. A remote attacker can sniff the authentication process and access the device without needing a password.
3) Information Exposure Through an Error Message (CVE-ID: CVE-2022-30562)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in an error message. A remote attacker can gain unauthorized access to sensitive information on the system.
4) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2022-30563)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper restriction of excessive authentication attempts. A remote attacker can gain access to sensitive information.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.