Information Exposure Through an Error Message in Dahua Technology Hardware solutions

#VU65253 Information Exposure Through an Error Message in Dahua Technology Hardware solutions

Published: 2022-07-13 | Updated: 2022-08-24

Vulnerability identifier: #VU65253

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30562

CWE-ID: CWE-209

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ASI7213X-T1
Hardware solutions / Routers & switches, VoIP, GSM, etc
IPC-HX2XXX
Hardware solutions / Firmware
IPC-HDBW2XXX
Hardware solutions / Firmware
ASI7XXX
Hardware solutions / Firmware

Vendor: Dahua Technology

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in an error message. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

ASI7213X-T1: 1.000.10 Be006.0.R.201213

External links
http://ics-cert.us-cert.gov/advisories/icsa-22-193-01
http://www.dahuasecurity.com/support/cybersecurity/details/1017

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dahua DHI-ASI7213X-T1